DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2017-18232", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2017-18232", "description": "The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.", "published": "2018-03-15T04:29:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18232", "reporter": "cve@mitre.org", "references": ["https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d", "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d", "http://www.securityfocus.com/bid/103423", "https://www.debian.org/security/2018/dsa-4187", "https://access.redhat.com/errata/RHSA-2018:3096", "https://access.redhat.com/errata/RHSA-2018:3083", "https://usn.ubuntu.com/4163-1/", "https://usn.ubuntu.com/4163-2/"], "cvelist": ["CVE-2017-18232"], "immutableFields": [], "lastseen": "2023-02-08T15:59:23", "viewCount": 142, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2018-993", "ALAS2-2020-1480"]}, {"type": "centos", "idList": ["CESA-2018:3083"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4187-1:481CA", "DEBIAN:DSA-4187-1:E8170"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-18232"]}, {"type": "fedora", "idList": ["FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:5D742610B071", "FEDORA:5F9DC60BDC80", "FEDORA:648496077DD1", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:74245604D4DA", "FEDORA:7640C641CB61", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:975D760A94D0", "FEDORA:AB52460321C9", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7"]}, {"type": "ibm", "idList": ["6F75059EBDF719D84C8DC0CA4BAADF9428544BDAFCEEAE62F4225A55CA1E8AF0"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1480.NASL", "ALA_ALAS-2018-993.NASL", "CENTOS_RHSA-2018-3083.NASL", "DEBIAN_DSA-4187.NASL", "EULEROS_SA-2019-1505.NASL", "EULEROS_SA-2019-2353.NASL", "FEDORA_2018-BA39FC0E07.NASL", "FEDORA_2018-E378863E47.NASL", "ORACLELINUX_ELSA-2018-3083.NASL", "PHOTONOS_PHSA-2018-1_0-0161.NASL", "PHOTONOS_PHSA-2018-1_0-0161_LINUX.NASL", "PHOTONOS_PHSA-2018-2_0-0072.NASL", "PHOTONOS_PHSA-2018-2_0-0072_LINUX.NASL", "REDHAT-RHSA-2018-3083.NASL", "REDHAT-RHSA-2018-3096.NASL", "SL_20181030_KERNEL_ON_SL7_X.NASL", "UBUNTU_USN-4163-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704187", "OPENVAS:1361412562310844209", "OPENVAS:1361412562310874290", "OPENVAS:1361412562310874293", "OPENVAS:1361412562310874365", "OPENVAS:1361412562310874366", "OPENVAS:1361412562310874400", "OPENVAS:1361412562310874427", "OPENVAS:1361412562310874606", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310874623", "OPENVAS:1361412562310874647", "OPENVAS:1361412562310874695", "OPENVAS:1361412562310874721", "OPENVAS:1361412562310874751", "OPENVAS:1361412562310874761", "OPENVAS:1361412562310874813", "OPENVAS:1361412562310874890", "OPENVAS:1361412562310874919", "OPENVAS:1361412562310874964", "OPENVAS:1361412562310874998", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310875128", "OPENVAS:1361412562310875170", "OPENVAS:1361412562310875201", "OPENVAS:1361412562310875334", "OPENVAS:1361412562311220191505", "OPENVAS:1361412562311220192353"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3083"]}, {"type": "osv", "idList": ["OSV:DSA-4187-1"]}, {"type": "photon", "idList": ["PHSA-2018-0072", "PHSA-2018-0161", "PHSA-2018-1.0-0161", "PHSA-2018-2.0-0072"]}, {"type": "redhat", "idList": ["RHSA-2018:3083", "RHSA-2018:3096"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-18232"]}, {"type": "ubuntu", "idList": ["USN-4163-1", "USN-4163-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-18232"]}]}, "score": {"value": 4.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2018-993"]}, {"type": "centos", "idList": ["CESA-2018:3083"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4187-1:481CA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-18232"]}, {"type": "fedora", "idList": ["FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:5D742610B071", "FEDORA:5F9DC60BDC80", "FEDORA:648496077DD1", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:74245604D4DA", "FEDORA:7640C641CB61", "FEDORA:87BD56087904", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:975D760A94D0", "FEDORA:AB52460321C9", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:D6F86601E6D9", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-1505.NASL", "FEDORA_2018-BA39FC0E07.NASL", "FEDORA_2018-E378863E47.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844209", "OPENVAS:1361412562310874290", "OPENVAS:1361412562310874293", "OPENVAS:1361412562310875099"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3083"]}, {"type": "photon", "idList": ["PHSA-2018-1.0-0161", "PHSA-2018-2.0-0072"]}, {"type": "redhat", "idList": ["RHSA-2018:3083"]}, {"type": "ubuntu", "idList": ["USN-4163-1", "USN-4163-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-18232"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "linux linux kernel", "version": 4}]}, "epss": [{"cve": "CVE-2017-18232", "epss": "0.000420000", "percentile": "0.056350000", "modified": "2023-03-14"}], "vulnersScore": 4.5}, "_state": {"dependencies": 1675872124, "score": 1675872124, "affected_software_major_version": 1677274581, "epss": 1678855003}, "_internal": {"score_hash": "78ae1cab32558e24a7b87588fb0a0767"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:linux:linux_kernel:4.15.9"], "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.15.9:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "version": "4.15.9", "operator": "le", "name": "linux linux kernel"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:4.15.9:*:*:*:*:*:*:*", "versionEndIncluding": "4.15.9", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d", "name": "https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"]}, {"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d", "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"]}, {"url": "http://www.securityfocus.com/bid/103423", "name": "103423", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.debian.org/security/2018/dsa-4187", "name": "DSA-4187", "refsource": "DEBIAN", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2018:3096", "name": "RHSA-2018:3096", "refsource": "REDHAT", "tags": []}, {"url": "https://access.redhat.com/errata/RHSA-2018:3083", "name": "RHSA-2018:3083", "refsource": "REDHAT", "tags": []}, {"url": "https://usn.ubuntu.com/4163-1/", "name": "USN-4163-1", "refsource": "UBUNTU", "tags": []}, {"url": "https://usn.ubuntu.com/4163-2/", "name": "USN-4163-2", "refsource": "UBUNTU", "tags": []}], "product_info": [{"vendor": "Linux", "product": "Linux_kernel"}]}

{"fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-03-27T20:18:23", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.15.12-301.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232"], "modified": "2018-03-27T20:18:23", "id": "FEDORA:5F9DC60BDC80", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PB4IJT2U6PA5EF5WE5UBNB6NAY2Z6ZX6/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-03-27T19:31:43", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.15.12-201.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232"], "modified": "2018-03-27T19:31:43", "id": "FEDORA:975D760A94D0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZHTSWSNAX47UXWALOOFKC4PXGE4TNM6E/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-18T01:31:51", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.15.17-300.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-04-18T01:31:51", "id": "FEDORA:74245604D4DA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SKS5SHENFBKZBNJZ5A6BMP6JNTK5D4QC/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-29T05:16:13", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.4-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-04-29T05:16:13", "id": "FEDORA:AB52460321C9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/23BZYWCPCFYSPRRRVNCK6UFYCODGX6GB/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-25T15:46:24", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.11-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-25T15:46:24", "id": "FEDORA:08D3760E6566", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y4XJ6WFI3BA27DJD66OHZX644RGQ7EBV/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-29T11:50:44", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.12-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-29T11:50:44", "id": "FEDORA:E6F08605DCE7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YAUGR47M3LDUN54S6SH2OQ3U6U2LS7HA/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-05T14:11:50", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.13-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-05T14:11:50", "id": "FEDORA:4832F6079717", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/F32LED4G6QF446ZM5G7MOPFDAP4VB6M2/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-17T19:45:35", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.15-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-17T19:45:35", "id": "FEDORA:DF5176048167", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/22G4FPLZ4Y2WCMKTQG2WQFPR36Y3V4U4/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-01T01:37:15", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.3-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-07-01T01:37:15", "id": "FEDORA:909D360491BF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGVBVYZZR6UYWHRCMCVLU3DVJMBOYBLP/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-22T14:12:17", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.16.16-200.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-22T14:12:17", "id": "FEDORA:10F7D6255145", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y5RAP5M7DMT24XOVYRAYT7GRQE5OWLU3/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-28T13:35:42", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.2-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12904", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-06-28T13:35:42", "id": "FEDORA:25BDD6190ECF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/S2V7GQIYQYXQJNRX5DEJNNO6YKOHQC42/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-03T19:58:28", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.11-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-03T19:58:28", "id": "FEDORA:B54D264CBCAC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K3AQDHJH4EQZ2WK343QWMUIUUHBY6PQ4/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-13T16:38:23", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.5-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-07-13T16:38:23", "id": "FEDORA:29FCE65ECD33", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VOZHI2THAILWJPPQV3NONSSGW7WEZHWA/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-09T16:53:05", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.12-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-09T16:53:05", "id": "FEDORA:6EC6360BEA04", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E2UJZBTWLH7WHZLJ6CMPDARHBP5OQRHT/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-16T07:24:55", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.14-102.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-16T07:24:55", "id": "FEDORA:7640C641CB61", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-29T11:10:03", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.16.11-100.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-3639", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-29T11:10:03", "id": "FEDORA:44065605602A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6U7NCPMTQKKHLC4ZHQCTLYN4LCP2JQ4C/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-26T20:18:44", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.9-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-09-26T20:18:44", "id": "FEDORA:87BD56087904", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DKESRJO5EIBN6QFG4PO463OGQRU6HFOF/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-04-18T01:07:00", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.15.17-200.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-04-18T01:07:00", "id": "FEDORA:6F1BC604D0C1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3MAKT7ZDC6T4B52QFNRBYKWU75JMUX5C/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-24T07:16:18", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.17.17-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-08-24T07:16:18", "id": "FEDORA:5D742610B071", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2PWPRVELTRP4X6YB4R6SW3K356ROV3BE/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-11T17:46:05", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: kernel-4.16.7-100.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000255", "CVE-2017-1000405", "CVE-2017-10810", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-13695", "CVE-2017-14051", "CVE-2017-14497", "CVE-2017-14954", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-5123", "CVE-2017-7533", "CVE-2017-7558", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-1065", "CVE-2018-1108", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-05-11T17:46:05", "id": "FEDORA:648496077DD1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HM3JVAHYMEV65VTITHNUM7JTHTN7Q53I/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-10T21:55:37", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.12-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-18021", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-10-10T21:55:37", "id": "FEDORA:D6F86601E6D9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RKOLTEPUDYGM4MZIFXROKL3WL6JRMXZE/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-16T12:10:24", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.13-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-17972", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-10-16T12:10:24", "id": "FEDORA:29049600CFF3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ACX4WW5ZZ3PNMAEPZVJGMZ2D2BYHVMUD/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-01T01:23:43", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.10-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-10-01T01:23:43", "id": "FEDORA:8F974604E846", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3KRIRC4X5WWFMPBCO7YX3WEQQGQBGTNO/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-27T03:13:40", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: kernel-4.18.19-100.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15115", "CVE-2017-16532", "CVE-2017-16538", "CVE-2017-16644", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17712", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18232", "CVE-2017-8824", "CVE-2018-1000004", "CVE-2018-1000026", "CVE-2018-10021", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-1065", "CVE-2018-10840", "CVE-2018-10853", "CVE-2018-1108", "CVE-2018-1120", "CVE-2018-11506", "CVE-2018-12232", "CVE-2018-12633", "CVE-2018-12714", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15471", "CVE-2018-17182", "CVE-2018-18710", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8043"], "modified": "2018-11-27T03:13:40", "id": "FEDORA:B395E6087A9D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2OZHJB75FAIL6GZIEXPM735EW43TAV37/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:51:22", "description": "The Serial Attached SCSI (SAS) implementation in the Linux kernel through\n4.15.9 mishandles a mutex within libsas, which allows local users to cause\na denial of service (deadlock) by triggering certain error-handling code.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-03-15T00:00:00", "type": "ubuntucve", "title": "CVE-2017-18232", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232"], "modified": "2018-03-15T00:00:00", "id": "UB:CVE-2017-18232", "href": "https://ubuntu.com/security/CVE-2017-18232", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-01-11T14:43:18", "description": "Incremental update to fix kernel-devel issues.\n\n----\n\nThe 4.15.12 update contains a variety of fixes across the tree.\n\n----\n\nThe 4.15.11 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-03-28T00:00:00", "type": "nessus", "title": "Fedora 26 : kernel (2018-ba39fc0e07)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-BA39FC0E07.NASL", "href": "https://www.tenable.com/plugins/nessus/108673", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-ba39fc0e07.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108673);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-18232\");\n script_xref(name:\"FEDORA\", value:\"2018-ba39fc0e07\");\n\n script_name(english:\"Fedora 26 : kernel (2018-ba39fc0e07)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Incremental update to fix kernel-devel issues.\n\n----\n\nThe 4.15.12 update contains a variety of fixes across the tree.\n\n----\n\nThe 4.15.11 update contains a number of important fixes across the\ntree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-ba39fc0e07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18232\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-ba39fc0e07\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"kernel-4.15.12-201.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:42:19", "description": "Incremental update to fix kernel-devel issues.\n\n----\n\nThe 4.15.12 update contains numerous fixes across the tree.\n\n----\n\nThe 4.15.11 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-03-28T00:00:00", "type": "nessus", "title": "Fedora 27 : kernel (2018-e378863e47)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-E378863E47.NASL", "href": "https://www.tenable.com/plugins/nessus/108677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-e378863e47.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108677);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-18232\");\n script_xref(name:\"FEDORA\", value:\"2018-e378863e47\");\n\n script_name(english:\"Fedora 27 : kernel (2018-e378863e47)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Incremental update to fix kernel-devel issues.\n\n----\n\nThe 4.15.12 update contains numerous fixes across the tree.\n\n----\n\nThe 4.15.11 update contains a number of important fixes across the\ntree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-e378863e47\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18232\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-e378863e47\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"kernel-4.15.12-301.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:34:28", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0161", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2018-10323"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0161_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121857", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0161. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121857);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2018-10323\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0161\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-161.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10323\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.139-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.139-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-26T14:44:22", "description": "An update of 'linux', 'linux-esx' packages of Photon OS has been released.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0161 (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2018-10323"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0161.NASL", "href": "https://www.tenable.com/plugins/nessus/111943", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0161. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111943);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2018-10323\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0161 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of 'linux', 'linux-esx' packages of Photon OS has been\nreleased.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-1.0-161\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f3300528\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10323\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.139-2.ph1\",\n \"linux-debuginfo-4.4.139-2.ph1\",\n \"linux-dev-4.4.139-2.ph1\",\n \"linux-docs-4.4.139-2.ph1\",\n \"linux-drivers-gpu-4.4.139-2.ph1\",\n \"linux-esx-4.4.139-2.ph1\",\n \"linux-esx-debuginfo-4.4.139-2.ph1\",\n \"linux-esx-devel-4.4.139-2.ph1\",\n \"linux-esx-docs-4.4.139-2.ph1\",\n \"linux-oprofile-4.4.139-2.ph1\",\n \"linux-sound-4.4.139-2.ph1\",\n \"linux-tools-4.4.139-2.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:48:55", "description": "An update of 'linux-aws', 'linux', 'linux-esx', 'linux-secure' packages of Photon OS has been released.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2018-2.0-0072 (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2017-18249", "CVE-2018-10323"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0072.NASL", "href": "https://www.tenable.com/plugins/nessus/111956", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0072. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111956);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:51\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2017-18249\", \"CVE-2018-10323\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2018-2.0-0072 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of 'linux-aws', 'linux', 'linux-esx', 'linux-secure'\npackages of Photon OS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-72\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80c5dd65\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10323\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.9.111-3.ph2\",\n \"linux-aws-4.9.111-3.ph2\",\n \"linux-aws-debuginfo-4.9.111-3.ph2\",\n \"linux-aws-devel-4.9.111-3.ph2\",\n \"linux-aws-docs-4.9.111-3.ph2\",\n \"linux-aws-drivers-gpu-4.9.111-3.ph2\",\n \"linux-aws-oprofile-4.9.111-3.ph2\",\n \"linux-aws-sound-4.9.111-3.ph2\",\n \"linux-aws-tools-4.9.111-3.ph2\",\n \"linux-debuginfo-4.9.111-3.ph2\",\n \"linux-devel-4.9.111-3.ph2\",\n \"linux-docs-4.9.111-3.ph2\",\n \"linux-drivers-gpu-4.9.111-3.ph2\",\n \"linux-esx-4.9.111-2.ph2\",\n \"linux-esx-debuginfo-4.9.111-2.ph2\",\n \"linux-esx-devel-4.9.111-2.ph2\",\n \"linux-esx-docs-4.9.111-2.ph2\",\n \"linux-oprofile-4.9.111-3.ph2\",\n \"linux-secure-4.9.111-2.ph2\",\n \"linux-secure-debuginfo-4.9.111-2.ph2\",\n \"linux-secure-devel-4.9.111-2.ph2\",\n \"linux-secure-docs-4.9.111-2.ph2\",\n \"linux-secure-lkcm-4.9.111-2.ph2\",\n \"linux-sound-4.9.111-3.ph2\",\n \"linux-tools-4.9.111-3.ph2\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:45:11", "description": "Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service :\n\nAn error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS.\n(CVE-2018-5803)\n\nMishandling mutex within libsas allowing local Denial of Service\n\nThe Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232)\n\nA flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted.(CVE-2018-1066)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2018-993)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2018-1066", "CVE-2018-5803"], "modified": "2018-05-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-993.NASL", "href": "https://www.tenable.com/plugins/nessus/109183", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-993.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109183);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/05/11 12:23:25\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2018-1066\", \"CVE-2018-5803\");\n script_xref(name:\"ALAS\", value:\"2018-993\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2018-993)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Missing length check of payload in\nnet/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of\nservice :\n\nAn error in the '_sctp_make_chunk()' function\n(net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be\nexploited by a malicious local user to cause a kernel crash and a DoS.\n(CVE-2018-5803)\n\nMishandling mutex within libsas allowing local Denial of Service\n\nThe Serial Attached SCSI (SAS) implementation in the Linux kernel\nmishandles a mutex within libsas. This allows local users to cause a\ndenial of service (deadlock) by triggering certain error-handling\ncode. (CVE-2017-18232)\n\nA flaw was found in the Linux kernel's client-side implementation of\nthe cifs protocol. This flaw allows an attacker controlling the server\nto kernel panic a client which has the CIFS server\nmounted.(CVE-2018-1066)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-993.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.93-41.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.93-41.60.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:48:21", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2018-2.0-0072", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2017-18249", "CVE-2018-10323"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0072_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121966", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0072. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121966);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-18232\", \"CVE-2017-18249\", \"CVE-2018-10323\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2018-2.0-0072\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-72.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18249\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-debuginfo-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-devel-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-docs-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-drivers-gpu-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-oprofile-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-sound-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-tools-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.111-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.111-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.111-3.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-05T15:19:56", "description": "It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906)\n\nIt was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18232)\n\nIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14816)\n\nMatt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash).\n(CVE-2019-14821)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118)\n\nIt was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505)\n\nBrad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information.\n(CVE-2019-15902).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-22T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4163-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10906", "CVE-2017-18232", "CVE-2018-21008", "CVE-2019-14814", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15505", "CVE-2019-15902"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4163-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4163-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130152);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-10906\", \"CVE-2017-18232\", \"CVE-2018-21008\", \"CVE-2019-14814\", \"CVE-2019-14816\", \"CVE-2019-14821\", \"CVE-2019-15117\", \"CVE-2019-15118\", \"CVE-2019-15505\", \"CVE-2019-15902\");\n script_xref(name:\"USN\", value:\"4163-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4163-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a race condition existed in the ARC EMAC\nethernet driver for the Linux kernel, resulting in a use-after-free\nvulnerability. An attacker could use this to cause a denial of service\n(system crash). (CVE-2016-10906)\n\nIt was discovered that a race condition existed in the Serial Attached\nSCSI (SAS) implementation in the Linux kernel when handling certain\nerror conditions. A local attacker could use this to cause a denial of\nservice (kernel deadlock). (CVE-2017-18232)\n\nIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel\ndid not did not handle detach operations correctly, leading to a\nuse-after-free vulnerability. A physically proximate attacker could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-21008)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly perform bounds checking, leading to a heap\noverflow. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-14814,\nCVE-2019-14816)\n\nMatt Delco discovered that the KVM hypervisor implementation in the\nLinux kernel did not properly perform bounds checking when handling\ncoalesced MMIO write operations. A local attacker with write access to\n/dev/kvm could use this to cause a denial of service (system crash).\n(CVE-2019-14821)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for\nthe Linux kernel did not properly validate device meta data. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15117)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for\nthe Linux kernel improperly performed recursion while handling device\nmeta data. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2019-15118)\n\nIt was discovered that the Technisat DVB-S/S2 USB device driver in the\nLinux kernel contained a buffer overread. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly expose sensitive information. (CVE-2019-15505)\n\nBrad Spengler discovered that a Spectre mitigation was improperly\nimplemented in the ptrace susbsystem of the Linux kernel. A local\nattacker could possibly use this to expose sensitive information.\n(CVE-2019-15902).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4163-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10906\", \"CVE-2017-18232\", \"CVE-2018-21008\", \"CVE-2019-14814\", \"CVE-2019-14816\", \"CVE-2019-14821\", \"CVE-2019-15117\", \"CVE-2019-15118\", \"CVE-2019-15505\", \"CVE-2019-15902\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4163-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1060-kvm\", pkgver:\"4.4.0-1060.67\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1096-aws\", pkgver:\"4.4.0-1096.107\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1124-raspi2\", pkgver:\"4.4.0-1124.133\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1128-snapdragon\", pkgver:\"4.4.0-1128.136\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-166-generic\", pkgver:\"4.4.0-166.195\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-166-generic-lpae\", pkgver:\"4.4.0-166.195\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-166-lowlatency\", pkgver:\"4.4.0-166.195\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1096.100\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.166.174\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.166.174\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1060.60\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.166.174\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1124.124\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1128.120\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.166.174\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-27T14:37:47", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1480 advisory.\n\n - The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error- handling code. (CVE-2017-18232)\n\n - The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). (CVE-2018-8043)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. (CVE-2019-19061)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. (CVE-2019-3016)\n\n - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.\n This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9445)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. (CVE-2020-15393)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-26T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2020-1480)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2018-10323", "CVE-2018-8043", "CVE-2019-18808", "CVE-2019-19054", "CVE-2019-19061", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-3016", "CVE-2019-9445", "CVE-2020-10781", "CVE-2020-12655", "CVE-2020-15393"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.192-147.314", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1480.NASL", "href": "https://www.tenable.com/plugins/nessus/139858", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1480.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139858);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2017-18232\",\n \"CVE-2018-8043\",\n \"CVE-2018-10323\",\n \"CVE-2019-3016\",\n \"CVE-2019-9445\",\n \"CVE-2019-18808\",\n \"CVE-2019-19054\",\n \"CVE-2019-19061\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2020-10781\",\n \"CVE-2020-12655\",\n \"CVE-2020-15393\"\n );\n script_bugtraq_id(103354, 103423);\n script_xref(name:\"ALAS\", value:\"2020-1480\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2020-1480)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1480 advisory.\n\n - The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within\n libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-\n handling code. (CVE-2017-18232)\n\n - The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8\n does not validate certain resource availability, which allows local users to cause a denial of service\n (NULL pointer dereference). (CVE-2018-8043)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.\n (CVE-2019-18808)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\n - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux\n kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka\n CID-9c0530e898f3. (CVE-2019-19061)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()\n failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the\n htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory\n locations from another process in the same guest. This problem is limit to the host running linux kernel\n 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel\n CPUs cannot be ruled out. (CVE-2019-3016)\n\n - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.\n This could lead to local information disclosure with system execution privileges needed. User interaction\n is not needed for exploitation. (CVE-2019-9445)\n\n - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.\n Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka\n CID-d0c7feaf8767. (CVE-2020-12655)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka\n CID-28ebeb8db770. (CVE-2020-15393)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1480.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-18232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-8043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19054\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-3016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15393\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9445\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-3016\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.192-147.314\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2017-18232\", \"CVE-2018-8043\", \"CVE-2018-10323\", \"CVE-2019-3016\", \"CVE-2019-9445\", \"CVE-2019-18808\", \"CVE-2019-19054\", \"CVE-2019-19061\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2020-10781\", \"CVE-2020-12655\", \"CVE-2020-15393\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2020-1480\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-devel-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.192-147.314.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'kernel-headers-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-livepatch-4.14.192-147.314-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-debuginfo-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'kernel-tools-devel-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'perf-debuginfo-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.192-147.314.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'python-perf-debuginfo-4.14.192-147.314.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-21T02:17:07", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system.(CVE-2018-5391)Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer.(CVE-2014-3184)The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.(CVE-2017-18257)netetfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. This allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all network namespaces.(CVE-2017-17450)A denial of service flaw was discovered in the Linux kernel, where a race condition caused a NULL pointer dereference in the RDS socket-creation code. A local attacker could use this flaw to create a situation in which a NULL pointer crashed the kernel.(CVE-2015-7990)An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to\n __usb_get_extra_descriptor in drivers/usb/core/usb.c.(CVE-2018-20169)mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.(CVE-2015-3288)The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.(CVE-2015-8660)A flaw was found in the Linux kernel where a local user with a shell account can abuse the userfaultfd syscall when using hugetlbfs.\n A missing size check in hugetlb_mcopy_atomic_pte could create an invalid inode variable, leading to a kernel panic.(CVE-2017-15128)An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system.(CVE-2014-4608)It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word (PSW) was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory.(CVE-2014-3534)A use-after-free flaw was found in the Linux kernel's file system encryption implementation. A local user could revoke keyring keys being used for ext4, f2fs, or ubifs encryption, causing a denial of service on the system.(CVE-2017-7374)The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.(CVE-2016-3955)A flaw was found in the patches used to fix the 'dirtycow' vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages.(CVE-2017-1000405)The aio_mount function in fs/aio.c in the Linux kernel does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions.(CVE-2016-10044)The Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection.(CVE-2016-6828)The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480.(CVE-2014-8481)The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.(CVE-2014-9904)The resv_map_release function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.(CVE-2018-7740)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3184", "CVE-2014-3534", "CVE-2014-4608", "CVE-2014-8481", "CVE-2014-9904", "CVE-2015-3288", "CVE-2015-7990", "CVE-2015-8660", "CVE-2016-10044", "CVE-2016-3955", "CVE-2016-6828", "CVE-2017-1000405", "CVE-2017-15128", "CVE-2017-17450", "CVE-2017-18232", "CVE-2017-18257", "CVE-2017-7374", "CVE-2018-20169", "CVE-2018-5391", "CVE-2018-7740"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1505.NASL", "href": "https://www.tenable.com/plugins/nessus/124828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124828);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2014-3184\",\n \"CVE-2014-3534\",\n \"CVE-2014-4608\",\n \"CVE-2014-8481\",\n \"CVE-2014-9904\",\n \"CVE-2015-3288\",\n \"CVE-2015-7990\",\n \"CVE-2015-8660\",\n \"CVE-2016-10044\",\n \"CVE-2016-3955\",\n \"CVE-2016-6828\",\n \"CVE-2017-1000405\",\n \"CVE-2017-15128\",\n \"CVE-2017-17450\",\n \"CVE-2017-18232\",\n \"CVE-2017-18257\",\n \"CVE-2017-7374\",\n \"CVE-2018-20169\",\n \"CVE-2018-5391\",\n \"CVE-2018-7740\"\n );\n script_bugtraq_id(\n 68214,\n 68940,\n 69768,\n 70712\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A flaw named FragmentSmack\n was found in the way the Linux kernel handled\n reassembly of fragmented IPv4 and IPv6 packets. A\n remote attacker could use this flaw to trigger time and\n calculation expensive fragment reassembly algorithm by\n sending specially crafted packets which could lead to a\n CPU saturation and hence a denial of service on the\n system.(CVE-2018-5391)Multiple out-of-bounds write\n flaws were found in the way the Cherry Cymotion\n keyboard driver, KYE/Genius device drivers, Logitech\n device drivers, Monterey Genius KB29E keyboard driver,\n Petalynx Maxter remote control driver, and Sunplus\n wireless desktop driver handled HID reports with an\n invalid report descriptor size. An attacker with\n physical access to the system could use either of these\n flaws to write data past an allocated memory\n buffer.(CVE-2014-3184)The __get_data_block function in\n fs/f2fs/data.c in the Linux kernel before 4.11 allows\n local users to cause a denial of service (integer\n overflow and loop) via crafted use of the open and\n fallocate system calls with an FS_IOC_FIEMAP\n ioctl.(CVE-2017-18257)netetfilter/xt_osf.c in the Linux\n kernel through 4.14.4 does not require the\n CAP_NET_ADMIN capability for add_callback and\n remove_callback operations. This allows local users to\n bypass intended access restrictions because the\n xt_osf_fingers data structure is shared across all\n network namespaces.(CVE-2017-17450)A denial of service\n flaw was discovered in the Linux kernel, where a race\n condition caused a NULL pointer dereference in the RDS\n socket-creation code. A local attacker could use this\n flaw to create a situation in which a NULL pointer\n crashed the kernel.(CVE-2015-7990)An issue was\n discovered in the Linux kernel before 4.19.9. The USB\n subsystem mishandles size checks during the reading of\n an extra descriptor, related to\n __usb_get_extra_descriptor in\n drivers/usb/core/usb.c.(CVE-2018-20169)mm/memory.c in\n the Linux kernel before 4.1.4 mishandles anonymous\n pages, which allows local users to gain privileges or\n cause a denial of service (page tainting) via a crafted\n application that triggers writing to page\n zero.(CVE-2015-3288)The ovl_setattr function in\n fs/overlayfs/inode.c in the Linux kernel through 4.3.3\n attempts to merge distinct setattr operations, which\n allows local users to bypass intended access\n restrictions and modify the attributes of arbitrary\n overlay files via a crafted\n application.(CVE-2015-8660)A flaw was found in the\n Linux kernel where a local user with a shell account\n can abuse the userfaultfd syscall when using hugetlbfs.\n A missing size check in hugetlb_mcopy_atomic_pte could\n create an invalid inode variable, leading to a kernel\n panic.(CVE-2017-15128)An integer overflow flaw was\n found in the way the lzo1x_decompress_safe() function\n of the Linux kernel's LZO implementation processed\n Literal Runs. A local attacker could, in extremely rare\n cases, use this flaw to crash the system or,\n potentially, escalate their privileges on the\n system.(CVE-2014-4608)It was found that Linux kernel's\n ptrace subsystem did not properly sanitize the\n address-space-control bits when the program-status word\n (PSW) was being set. On IBM S/390 systems, a local,\n unprivileged user could use this flaw to set\n address-space-control bits to the kernel space, and\n thus gain read and write access to kernel\n memory.(CVE-2014-3534)A use-after-free flaw was found\n in the Linux kernel's file system encryption\n implementation. A local user could revoke keyring keys\n being used for ext4, f2fs, or ubifs encryption, causing\n a denial of service on the system.(CVE-2017-7374)The\n usbip_recv_xbuff function in\n drivers/usb/usbip/usbip_common.c in the Linux kernel\n before 4.5.3 allows remote attackers to cause a denial\n of service (out-of-bounds write) or possibly have\n unspecified other impact via a crafted length value in\n a USB/IP packet.(CVE-2016-3955)A flaw was found in the\n patches used to fix the 'dirtycow' vulnerability\n (CVE-2016-5195). An attacker, able to run local code,\n can exploit a race condition in transparent huge pages\n to modify usually read-only huge\n pages.(CVE-2017-1000405)The aio_mount function in\n fs/aio.c in the Linux kernel does not properly restrict\n execute access, which makes it easier for local users\n to bypass intended SELinux W^X policy\n restrictions.(CVE-2016-10044)The Serial Attached SCSI\n (SAS) implementation in the Linux kernel mishandles a\n mutex within libsas. This allows local users to cause a\n denial of service (deadlock) by triggering certain\n error-handling code.(CVE-2017-18232)A use-after-free\n vulnerability was found in tcp_xmit_retransmit_queue\n and other tcp_* functions. This condition could allow\n an attacker to send an incorrect selective\n acknowledgment to existing connections, possibly\n resetting a connection.(CVE-2016-6828)The instruction\n decoder in arch/x86/kvm/emulate.c in the KVM subsystem\n in the Linux kernel before 3.18-rc2 does not properly\n handle invalid instructions, which allows guest OS\n users to cause a denial of service (NULL pointer\n dereference and host OS crash) via a crafted\n application that triggers (1) an improperly fetched\n instruction or (2) an instruction that occupies too\n many bytes. NOTE: this vulnerability exists because of\n an incomplete fix for CVE-2014-8480.(CVE-2014-8481)The\n snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in\n the Linux kernel before 3.17 does not properly check\n for an integer overflow, which allows local users to\n cause a denial of service (insufficient memory\n allocation) or possibly have unspecified other impact\n via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl\n call.(CVE-2014-9904)The resv_map_release function in\n mm/hugetlb.c in the Linux kernel, through 4.15.7,\n allows local users to cause a denial of service (BUG)\n via a crafted application that makes mmap system calls\n and has a large pgoff argument to the remap_file_pages\n system call.(CVE-2018-7740)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1505\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0dd8d759\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Overlayfs Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-10T14:47:33", "description": "Security Fix(es) :\n\n - A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n - kernel: out-of-bounds access in the show_timer function in kernel/time /posix-timers.c (CVE-2017-18344)\n\n - kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n - kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n - kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n - kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n - kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n - kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n - kernel: Salsa20 encryption algorithm does not correctly handle zero- length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n - kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n - kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n - kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n - kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n - kernel: Missing length check of payload in\n _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n - kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n - kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n - kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n - kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n - kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n - kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n - kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n - kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n - kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n - kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)\n\n - kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n - kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n - kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n - kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n - kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-27T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20181030)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2022-05-31T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20181030_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/119187", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119187);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/31\");\n\n script_cve_id(\"CVE-2015-8830\", \"CVE-2016-4913\", \"CVE-2017-0861\", \"CVE-2017-10661\", \"CVE-2017-17805\", \"CVE-2017-18208\", \"CVE-2017-18232\", \"CVE-2017-18344\", \"CVE-2018-1000026\", \"CVE-2018-10322\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10883\", \"CVE-2018-10902\", \"CVE-2018-1092\", \"CVE-2018-1094\", \"CVE-2018-10940\", \"CVE-2018-1118\", \"CVE-2018-1120\", \"CVE-2018-1130\", \"CVE-2018-13405\", \"CVE-2018-5344\", \"CVE-2018-5391\", \"CVE-2018-5803\", \"CVE-2018-5848\", \"CVE-2018-7740\", \"CVE-2018-7757\", \"CVE-2018-8781\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20181030)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - A flaw named FragmentSmack was found in the way the\n Linux kernel handled reassembly of fragmented IPv4 and\n IPv6 packets. A remote attacker could use this flaw to\n trigger time and calculation expensive fragment\n reassembly algorithm by sending specially crafted\n packets which could lead to a CPU saturation and hence a\n denial of service on the system. (CVE-2018-5391)\n\n - kernel: out-of-bounds access in the show_timer function\n in kernel/time /posix-timers.c (CVE-2017-18344)\n\n - kernel: Integer overflow in udl_fb_mmap() can allow\n attackers to execute code in kernel space\n (CVE-2018-8781)\n\n - kernel: MIDI driver race condition leads to a\n double-free (CVE-2018-10902)\n\n - kernel: Missing check in inode_init_owner() does not\n clear SGID bit on non-directories for non-members\n (CVE-2018-13405)\n\n - kernel: AIO write triggers integer overflow in some\n protocols (CVE-2015-8830)\n\n - kernel: Use-after-free in snd_pcm_info function in ALSA\n subsystem potentially leads to privilege escalation\n (CVE-2017-0861)\n\n - kernel: Handling of might_cancel queueing is not\n properly pretected against race (CVE-2017-10661)\n\n - kernel: Salsa20 encryption algorithm does not correctly\n handle zero- length inputs allowing local attackers to\n cause denial of service (CVE-2017-17805)\n\n - kernel: Inifinite loop vulnerability in\n madvise_willneed() function allows local denial of\n service (CVE-2017-18208)\n\n - kernel: fuse-backed file mmap-ed onto process cmdline\n arguments causes denial of service (CVE-2018-1120)\n\n - kernel: a NULL pointer dereference in dccp_write_xmit()\n leads to a system crash (CVE-2018-1130)\n\n - kernel: drivers/block/loop.c mishandles lo_release\n serialization allowing denial of service (CVE-2018-5344)\n\n - kernel: Missing length check of payload in\n _sctp_make_chunk() function allows denial of service\n (CVE-2018-5803)\n\n - kernel: buffer overflow in\n drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may\n lead to memory corruption (CVE-2018-5848)\n\n - kernel: out-of-bound write in ext4_init_block_bitmap\n function with a crafted ext4 image (CVE-2018-10878)\n\n - kernel: Improper validation in bnx2x network card driver\n can allow for denial of service attacks via crafted\n packet (CVE-2018-1000026)\n\n - kernel: Information leak when handling NM entries\n containing NUL (CVE-2016-4913)\n\n - kernel: Mishandling mutex within libsas allowing local\n Denial of Service (CVE-2017-18232)\n\n - kernel: NULL pointer dereference in\n ext4_process_freed_data() when mounting crafted ext4\n image (CVE-2018-1092)\n\n - kernel: NULL pointer dereference in\n ext4_xattr_inode_hash() causes crash with crafted ext4\n image (CVE-2018-1094)\n\n - kernel: vhost: Information disclosure in\n vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n - kernel: Denial of service in resv_map_release function\n in mm/hugetlb.c (CVE-2018-7740)\n\n - kernel: Memory leak in the sas_smp_get_phy_events\n function in drivers/scsi/libsas/sas_expander.c\n (CVE-2018-7757)\n\n - kernel: Invalid pointer dereference in\n xfs_ilock_attr_map_shared() when mounting crafted xfs\n image allowing denial of service (CVE-2018-10322)\n\n - kernel: use-after-free detected in ext4_xattr_set_entry\n with a crafted file (CVE-2018-10879)\n\n - kernel: out-of-bound access in ext4_get_group_info()\n when mounting and operating a crafted ext4 image\n (CVE-2018-10881)\n\n - kernel: stack-out-of-bounds write in\n jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n - kernel: incorrect memory bounds check in\n drivers/cdrom/cdrom.c (CVE-2018-10940)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1811&L=scientific-linux-errata&F=&S=&P=8524\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?faf0e575\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-10T14:46:40", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-16T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2018:3083)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2022-05-27T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-3083.NASL", "href": "https://www.tenable.com/plugins/nessus/118990", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3083 and \n# CentOS Errata and Security Advisory 2018:3083 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118990);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/27\");\n\n script_cve_id(\n \"CVE-2015-8830\",\n \"CVE-2016-4913\",\n \"CVE-2017-0861\",\n \"CVE-2017-10661\",\n \"CVE-2017-17805\",\n \"CVE-2017-18208\",\n \"CVE-2017-18232\",\n \"CVE-2017-18344\",\n \"CVE-2017-18360\",\n \"CVE-2018-1092\",\n \"CVE-2018-1094\",\n \"CVE-2018-1118\",\n \"CVE-2018-1120\",\n \"CVE-2018-1130\",\n \"CVE-2018-5344\",\n \"CVE-2018-5391\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-7740\",\n \"CVE-2018-7757\",\n \"CVE-2018-8781\",\n \"CVE-2018-10322\",\n \"CVE-2018-10878\",\n \"CVE-2018-10879\",\n \"CVE-2018-10881\",\n \"CVE-2018-10883\",\n \"CVE-2018-10902\",\n \"CVE-2018-10940\",\n \"CVE-2018-13405\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000026\"\n );\n script_xref(name:\"RHSA\", value:\"2018:3083\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2018:3083)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel\nhandled reassembly of fragmented IPv4 and IPv6 packets. A remote\nattacker could use this flaw to trigger time and calculation expensive\nfragment reassembly algorithm by sending specially crafted packets\nwhich could lead to a CPU saturation and hence a denial of service on\nthe system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in\nkernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to\nexecute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free\n(CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit\non non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols\n(CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem\npotentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected\nagainst race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle\nzero-length inputs allowing local attackers to cause denial of service\n(CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function\nallows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments\ncauses denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a\nsystem crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization\nallowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk()\nfunction allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/\nwmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a\ncrafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow\nfor denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL\n(CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of\nService (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when\nmounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes\ncrash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in\nvhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in\nmm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared()\nwhen mounting crafted xfs image allowing denial of service\n(CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a\ncrafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting\nand operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata\nfunction (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c\n(CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University -\nDepartment of Communications and Networking and Nokia Bell Labs) for\nreporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting\nCVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and\nWen Xu for reporting CVE-2018-1092 and CVE-2018-1094.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2018-November/005315.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5bad9901\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-8781\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-24T14:46:39", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2018:3083)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-3083.NASL", "href": "https://www.tenable.com/plugins/nessus/118525", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3083. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118525);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2015-8830\",\n \"CVE-2016-4913\",\n \"CVE-2017-0861\",\n \"CVE-2017-10661\",\n \"CVE-2017-17805\",\n \"CVE-2017-18208\",\n \"CVE-2017-18232\",\n \"CVE-2017-18344\",\n \"CVE-2017-18360\",\n \"CVE-2018-1092\",\n \"CVE-2018-1094\",\n \"CVE-2018-1118\",\n \"CVE-2018-1120\",\n \"CVE-2018-1130\",\n \"CVE-2018-5344\",\n \"CVE-2018-5391\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-7740\",\n \"CVE-2018-7757\",\n \"CVE-2018-8781\",\n \"CVE-2018-10322\",\n \"CVE-2018-10878\",\n \"CVE-2018-10879\",\n \"CVE-2018-10881\",\n \"CVE-2018-10883\",\n \"CVE-2018-10902\",\n \"CVE-2018-10940\",\n \"CVE-2018-13405\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000026\"\n );\n script_xref(name:\"RHSA\", value:\"2018:3083\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2018:3083)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel\nhandled reassembly of fragmented IPv4 and IPv6 packets. A remote\nattacker could use this flaw to trigger time and calculation expensive\nfragment reassembly algorithm by sending specially crafted packets\nwhich could lead to a CPU saturation and hence a denial of service on\nthe system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in\nkernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to\nexecute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free\n(CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit\non non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols\n(CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem\npotentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected\nagainst race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle\nzero-length inputs allowing local attackers to cause denial of service\n(CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function\nallows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments\ncauses denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a\nsystem crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization\nallowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk()\nfunction allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/\nwmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a\ncrafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow\nfor denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL\n(CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of\nService (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when\nmounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes\ncrash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in\nvhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in\nmm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared()\nwhen mounting crafted xfs image allowing denial of service\n(CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a\ncrafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting\nand operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata\nfunction (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c\n(CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University -\nDepartment of Communications and Networking and Nokia Bell Labs) for\nreporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting\nCVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and\nWen Xu for reporting CVE-2018-1092 and CVE-2018-1094.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/3553061\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3395ff0b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:3083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2015-8830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-4913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-0861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-10661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-17805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-7740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-7757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-8781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-18690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-8781\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8830\", \"CVE-2016-4913\", \"CVE-2017-0861\", \"CVE-2017-10661\", \"CVE-2017-17805\", \"CVE-2017-18208\", \"CVE-2017-18232\", \"CVE-2017-18344\", \"CVE-2017-18360\", \"CVE-2018-1000026\", \"CVE-2018-10322\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10883\", \"CVE-2018-10902\", \"CVE-2018-1092\", \"CVE-2018-1094\", \"CVE-2018-10940\", \"CVE-2018-1118\", \"CVE-2018-1120\", \"CVE-2018-1130\", \"CVE-2018-13405\", \"CVE-2018-18690\", \"CVE-2018-5344\", \"CVE-2018-5391\", \"CVE-2018-5803\", \"CVE-2018-5848\", \"CVE-2018-7740\", \"CVE-2018-7757\", \"CVE-2018-8781\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:3083\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3083\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-957.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-957.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-24T14:46:17", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-31T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2018:3096)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-3096.NASL", "href": "https://www.tenable.com/plugins/nessus/118528", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:3096. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118528);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2015-8830\",\n \"CVE-2016-4913\",\n \"CVE-2017-0861\",\n \"CVE-2017-10661\",\n \"CVE-2017-17805\",\n \"CVE-2017-18208\",\n \"CVE-2017-18232\",\n \"CVE-2017-18344\",\n \"CVE-2017-18360\",\n \"CVE-2018-1092\",\n \"CVE-2018-1094\",\n \"CVE-2018-1118\",\n \"CVE-2018-1120\",\n \"CVE-2018-1130\",\n \"CVE-2018-5344\",\n \"CVE-2018-5391\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-7740\",\n \"CVE-2018-7757\",\n \"CVE-2018-8781\",\n \"CVE-2018-10322\",\n \"CVE-2018-10878\",\n \"CVE-2018-10879\",\n \"CVE-2018-10881\",\n \"CVE-2018-10883\",\n \"CVE-2018-10902\",\n \"CVE-2018-10940\",\n \"CVE-2018-13405\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000026\"\n );\n script_xref(name:\"RHSA\", value:\"2018:3096\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2018:3096)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A flaw named FragmentSmack was found in the way the Linux kernel\nhandled reassembly of fragmented IPv4 and IPv6 packets. A remote\nattacker could use this flaw to trigger time and calculation expensive\nfragment reassembly algorithm by sending specially crafted packets\nwhich could lead to a CPU saturation and hence a denial of service on\nthe system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in\nkernel/time/ posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to\nexecute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free\n(CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit\non non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols\n(CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem\npotentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected\nagainst race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle\nzero-length inputs allowing local attackers to cause denial of service\n(CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function\nallows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments\ncauses denial of service (CVE-2018-1120)\n\n* kernel: a NULL pointer dereference in dccp_write_xmit() leads to a\nsystem crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization\nallowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk()\nfunction allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/\nwmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a\ncrafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow\nfor denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL\n(CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of\nService (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when\nmounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes\ncrash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg()\n(CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in\nmm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared()\nwhen mounting crafted xfs image allowing denial of service\n(CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a\ncrafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting\nand operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata\nfunction (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c\n(CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University -\nDepartment of Communications and Networking and Nokia Bell Labs) for\nreporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting\nCVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;\nEvgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and\nWen Xu for reporting CVE-2018-1092 and CVE-2018-1094.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/articles/3553061\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3395ff0b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:3096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2015-8830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2016-4913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-0861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-10661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-17805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18232\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-18360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5848\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-7740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-7757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-8781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-10940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-13405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-18690\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000026\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-8781\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8830\", \"CVE-2016-4913\", \"CVE-2017-0861\", \"CVE-2017-10661\", \"CVE-2017-17805\", \"CVE-2017-18208\", \"CVE-2017-18232\", \"CVE-2017-18344\", \"CVE-2017-18360\", \"CVE-2018-1000026\", \"CVE-2018-10322\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10881\", \"CVE-2018-10883\", \"CVE-2018-10902\", \"CVE-2018-1092\", \"CVE-2018-1094\", \"CVE-2018-10940\", \"CVE-2018-1118\", \"CVE-2018-1120\", \"CVE-2018-1130\", \"CVE-2018-13405\", \"CVE-2018-18690\", \"CVE-2018-5344\", \"CVE-2018-5391\", \"CVE-2018-5803\", \"CVE-2018-5848\", \"CVE-2018-7740\", \"CVE-2018-7757\", \"CVE-2018-8781\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:3096\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:3096\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-957.rt56.910.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-957.rt56.910.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-10T14:47:17", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3083 advisory.\n\n - The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.\n (CVE-2016-4913)\n\n - Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. (CVE-2017-10661)\n\n - Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. (CVE-2017-0861)\n\n - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. (CVE-2018-5803)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. (CVE-2018-1130)\n\n - The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. (CVE-2018-8781)\n\n - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).\n (CVE-2017-18344)\n\n - The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. (CVE-2018-5391)\n\n - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)\n\n - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805)\n\n - The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.\n (CVE-2017-18208)\n\n - The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error- handling code. (CVE-2017-18232)\n\n - The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. (CVE-2018-1092)\n\n - In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.\n (CVE-2018-5848)\n\n - Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. (CVE-2018-7757)\n\n - The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. (CVE-2018-10322)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (CVE-2018-10878)\n\n - The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.\n (CVE-2018-1094)\n\n - Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. (CVE-2018-1118)\n\n - A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). (CVE-2018-1120)\n\n - In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. (CVE-2018-5344)\n\n - The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. (CVE-2018-7740)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (CVE-2018-10879)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (CVE-2018-10883)\n\n - It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. (CVE-2018-10902)\n\n - The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. (CVE-2018-10940)\n\n - Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..\n (CVE-2018-1000026)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2018-3083)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6701", "CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2022-05-31T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2018-3083.NASL", "href": "https://www.tenable.com/plugins/nessus/118770", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-3083.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118770);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/31\");\n\n script_cve_id(\n \"CVE-2015-8830\",\n \"CVE-2016-4913\",\n \"CVE-2017-0861\",\n \"CVE-2017-10661\",\n \"CVE-2017-17805\",\n \"CVE-2017-18208\",\n \"CVE-2017-18232\",\n \"CVE-2017-18344\",\n \"CVE-2017-18360\",\n \"CVE-2018-1092\",\n \"CVE-2018-1094\",\n \"CVE-2018-1118\",\n \"CVE-2018-1120\",\n \"CVE-2018-1130\",\n \"CVE-2018-5344\",\n \"CVE-2018-5391\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\",\n \"CVE-2018-7740\",\n \"CVE-2018-7757\",\n \"CVE-2018-8781\",\n \"CVE-2018-10322\",\n \"CVE-2018-10878\",\n \"CVE-2018-10879\",\n \"CVE-2018-10881\",\n \"CVE-2018-10883\",\n \"CVE-2018-10902\",\n \"CVE-2018-10940\",\n \"CVE-2018-13405\",\n \"CVE-2018-18690\",\n \"CVE-2018-1000026\"\n );\n script_xref(name:\"RHSA\", value:\"2018:3083\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2018-3083)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2018-3083 advisory.\n\n - The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM\n (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive\n information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.\n (CVE-2016-4913)\n\n - Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or\n cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations\n that leverage improper might_cancel queueing. (CVE-2017-10661)\n\n - Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows\n attackers to gain privileges via unspecified vectors. (CVE-2017-0861)\n\n - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local\n users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE:\n this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be\n exploited to cause a kernel crash. (CVE-2018-5803)\n\n - Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit()\n function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of\n certain crafted system calls. (CVE-2018-1130)\n\n - The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and\n including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb\n driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution\n in kernel space. (CVE-2018-8781)\n\n - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8\n doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the\n show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read\n arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).\n (CVE-2017-18344)\n\n - The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially\n modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by\n sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered\n and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel\n with the increase of the IP fragment reassembly queue size. (CVE-2018-5391)\n\n - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create\n files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and\n is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a\n plain file whose group ownership is that group. The intended behavior was that the non-member can trigger\n creation of a directory (but not a plain file) whose group ownership is that group. The non-member can\n escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)\n\n - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length\n inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface\n (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel\n crash) or have unspecified other impact by executing a crafted sequence of system calls that use the\n blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805)\n\n - The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to\n cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.\n (CVE-2017-18208)\n\n - The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within\n libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-\n handling code. (CVE-2017-18232)\n\n - The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a\n root directory with a zero i_links_count, which allows attackers to cause a denial of service\n (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. (CVE-2018-1092)\n\n - In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow\n properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android\n releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.\n (CVE-2018-5848)\n\n - Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux\n kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read\n accesses to files in the /sys/class/sas_phy directory, as demonstrated by the\n /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. (CVE-2018-7757)\n\n - The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows\n local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a\n crafted xfs image. (CVE-2018-10322)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and\n a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4\n filesystem image. (CVE-2018-10878)\n\n - The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always\n initialize the crc32c checksum driver, which allows attackers to cause a denial of service\n (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.\n (CVE-2018-1094)\n\n - Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between\n virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow\n local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device\n file. (CVE-2018-1118)\n\n - A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a\n process's memory containing command line arguments (or environment strings), an attacker can cause\n utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the\n /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some\n controlled time (as a synchronization primitive for other attacks). (CVE-2018-1120)\n\n - In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which\n allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified\n other impact. (CVE-2018-5344)\n\n - The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to\n cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large\n pgoff argument to the remap_file_pages system call. (CVE-2018-7740)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in\n ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a\n file in a crafted ext4 filesystem image. (CVE-2018-10879)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a\n crafted ext4 filesystem image. (CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in\n jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a\n crafted ext4 filesystem image. (CVE-2018-10883)\n\n - It was found that the raw midi kernel driver does not protect against concurrent access which leads to a\n double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part\n of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for\n privilege escalation. (CVE-2018-10902)\n\n - The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows\n local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out\n kernel memory. (CVE-2018-10940)\n\n - Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input\n validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware\n assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very\n large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..\n (CVE-2018-1000026)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-3083.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10661\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-8781\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-957.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-3083');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-957.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:45:57", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq). On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able to use this for denial of service or possibly for privilege escalation.\n\n - CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice.\n\n - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.\n\n This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the 'retpoline' compiler feature which allows indirect branches to be isolated from speculative execution.\n\n - CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.\n\n This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function.\n\n More use sites will be added over time.\n\n - CVE-2017-13166 A bug in the 32-bit compatibility layer of the v4l2 ioctl handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing destination addresses to be in kernel space. On a 64-bit kernel a local user with access to a suitable video device can exploit this to overwrite kernel memory, leading to privilege escalation.\n\n - CVE-2017-13220 Al Viro reported that the Bluetooth HIDP implementation could dereference a pointer before performing the necessary type check. A local user could use this to cause a denial of service.\n\n - CVE-2017-16526 Andrey Konovalov reported that the UWB subsystem may dereference an invalid pointer in an error case. A local user might be able to use this for denial of service.\n\n - CVE-2017-16911 Secunia Research reported that the USB/IP vhci_hcd driver exposed kernel heap addresses to local users.\n This information could aid the exploitation of other vulnerabilities.\n\n - CVE-2017-16912 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to an out-of-bounds read. A remote user able to connect to the USB/IP server could use this for denial of service.\n\n - CVE-2017-16913 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to excessive memory allocation. A remote user able to connect to the USB/IP server could use this for denial of service.\n\n - CVE-2017-16914 Secunia Research reported that the USB/IP stub driver failed to check for an invalid combination of fields in a received packet, leading to a NULL pointer dereference. A remote user able to connect to the USB/IP server could use this for denial of service.\n\n - CVE-2017-18017 Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module failed to validate TCP header lengths, potentially leading to a use-after-free. If this module is loaded, it could be used by a remote attacker for denial of service or possibly for code execution.\n\n - CVE-2017-18203 Hou Tao reported that there was a race condition in creation and deletion of device-mapper (DM) devices. A local user could potentially use this for denial of service.\n\n - CVE-2017-18216 Alex Chen reported that the OCFS2 filesystem failed to hold a necessary lock during nodemanager sysfs file operations, potentially leading to a NULL pointer dereference. A local user could use this for denial of service.\n\n - CVE-2017-18232 Jason Yan reported a race condition in the SAS (Serial-Attached SCSI) subsystem, between probing and destroying a port. This could lead to a deadlock. A physically present attacker could use this to cause a denial of service.\n\n - CVE-2017-18241 Yunlei He reported that the f2fs implementation does not properly initialise its state if the 'noflush_merge' mount option is used. A local user with access to a filesystem mounted with this option could use this to cause a denial of service.\n\n - CVE-2018-1066 Dan Aloni reported to Red Hat that the CIFS client implementation would dereference a NULL pointer if the server sent an invalid response during NTLMSSP setup negotiation. This could be used by a malicious server for denial of service.\n\n - CVE-2018-1068 The syzkaller tool found that the 32-bit compatibility layer of ebtables did not sufficiently validate offset values. On a 64-bit kernel, a local user with the CAP_NET_ADMIN capability (in any user namespace) could use this to overwrite kernel memory, possibly leading to privilege escalation. Debian disables unprivileged user namespaces by default.\n\n - CVE-2018-1092 Wen Xu reported that a crafted ext4 filesystem image would trigger a null dereference when mounted. A local user able to mount arbitrary filesystems could use this for denial of service.\n\n - CVE-2018-5332 Mohamed Ghannam reported that the RDS protocol did not sufficiently validate RDMA requests, leading to an out-of-bounds write. A local attacker on a system with the rds module loaded could use this for denial of service or possibly for privilege escalation.\n\n - CVE-2018-5333 Mohamed Ghannam reported that the RDS protocol did not properly handle an error case, leading to a NULL pointer dereference. A local attacker on a system with the rds module loaded could possibly use this for denial of service.\n\n - CVE-2018-5750 Wang Qize reported that the ACPI sbshc driver logged a kernel heap address. This information could aid the exploitation of other vulnerabilities.\n\n - CVE-2018-5803 Alexey Kodanev reported that the SCTP protocol did not range-check the length of chunks to be created. A local or remote user could use this to cause a denial of service.\n\n - CVE-2018-6927 Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did not check for negative parameter values, which might lead to a denial of service or other security impact.\n\n - CVE-2018-7492 The syzkaller tool found that the RDS protocol was lacking a null pointer check. A local attacker on a system with the rds module loaded could use this for denial of service.\n\n - CVE-2018-7566 Fan LongFei reported a race condition in the ALSA (sound) sequencer core, between write and ioctl operations. This could lead to an out-of-bounds access or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation.\n\n - CVE-2018-7740 Nic Losby reported that the hugetlbfs filesystem's mmap operation did not properly range-check the file offset.\n A local user with access to files on a hugetlbfs filesystem could use this to cause a denial of service.\n\n - CVE-2018-7757 Jason Yan reported a memory leak in the SAS (Serial-Attached SCSI) subsystem. A local user on a system with SAS devices could use this to cause a denial of service.\n\n - CVE-2018-7995 Seunghun Han reported a race condition in the x86 MCE (Machine Check Exception) driver. This is unlikely to have any security impact.\n\n - CVE-2018-8781 Eyal Itkin reported that the udl (DisplayLink) driver's mmap operation did not properly range-check the file offset. A local user with access to a udl framebuffer device could exploit this to overwrite kernel memory, leading to privilege escalation.\n\n - CVE-2018-8822 Dr Silvio Cesare of InfoSect reported that the ncpfs client implementation did not validate reply lengths from the server. An ncpfs server could use this to cause a denial of service or remote code execution in the client.\n\n - CVE-2018-1000004 Luo Quan reported a race condition in the ALSA (sound) sequencer core, between multiple ioctl operations. This could lead to a deadlock or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation.\n\n - CVE-2018-1000199 Andy Lutomirski discovered that the ptrace subsystem did not sufficiently validate hardware breakpoint settings.\n Local users can use this to cause a denial of service, or possibly for privilege escalation, on x86 (amd64 and i386) and possibly other architectures.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-02T00:00:00", "type": "nessus", "title": "Debian DSA-4187-1 : linux - security update (Spectre)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9016", "CVE-2017-0861", "CVE-2017-13166", "CVE-2017-13220", "CVE-2017-16526", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-18216", "CVE-2017-18232", "CVE-2017-18241", "CVE-2017-5715", "CVE-2017-5753", "CVE-2018-1000004", "CVE-2018-1000199", "CVE-2018-1066", "CVE-2018-1068", "CVE-2018-1092", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-6927", "CVE-2018-7492", "CVE-2018-7566", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8781", "CVE-2018-8822"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-4187.NASL", "href": "https://www.tenable.com/plugins/nessus/109517", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4187. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109517);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2015-9016\", \"CVE-2017-0861\", \"CVE-2017-13166\", \"CVE-2017-13220\", \"CVE-2017-16526\", \"CVE-2017-16911\", \"CVE-2017-16912\", \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-18017\", \"CVE-2017-18203\", \"CVE-2017-18216\", \"CVE-2017-18232\", \"CVE-2017-18241\", \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2018-1000004\", \"CVE-2018-1000199\", \"CVE-2018-1066\", \"CVE-2018-1068\", \"CVE-2018-1092\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5750\", \"CVE-2018-5803\", \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-7566\", \"CVE-2018-7740\", \"CVE-2018-7757\", \"CVE-2018-7995\", \"CVE-2018-8781\", \"CVE-2018-8822\");\n script_xref(name:\"DSA\", value:\"4187\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Debian DSA-4187-1 : linux - security update (Spectre)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2015-9016\n Ming Lei reported a race condition in the multiqueue\n block layer (blk-mq). On a system with a driver using\n blk-mq (mtip32xx, null_blk, or virtio_blk), a local user\n might be able to use this for denial of service or\n possibly for privilege escalation.\n\n - CVE-2017-0861\n Robb Glasser reported a potential use-after-free in the\n ALSA (sound) PCM core. We believe this was not possible\n in practice.\n\n - CVE-2017-5715\n Multiple researchers have discovered a vulnerability in\n various processors supporting speculative execution,\n enabling an attacker controlling an unprivileged process\n to read memory from arbitrary addresses, including from\n the kernel and all other processes running on the\n system.\n\n This specific attack has been named Spectre variant 2 (branch target\n injection) and is mitigated for the x86 architecture (amd64 and\n i386) by using the 'retpoline' compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\n - CVE-2017-5753\n Multiple researchers have discovered a vulnerability in\n various processors supporting speculative execution,\n enabling an attacker controlling an unprivileged process\n to read memory from arbitrary addresses, including from\n the kernel and all other processes running on the\n system.\n\n This specific attack has been named Spectre variant 1 (bounds-check\n bypass) and is mitigated by identifying vulnerable code sections\n (array bounds checking followed by array access) and replacing the\n array access with the speculation-safe array_index_nospec()\n function.\n\n More use sites will be added over time.\n\n - CVE-2017-13166\n A bug in the 32-bit compatibility layer of the v4l2\n ioctl handling code has been found. Memory protections\n ensuring user-provided buffers always point to userland\n memory were disabled, allowing destination addresses to\n be in kernel space. On a 64-bit kernel a local user with\n access to a suitable video device can exploit this to\n overwrite kernel memory, leading to privilege\n escalation.\n\n - CVE-2017-13220\n Al Viro reported that the Bluetooth HIDP implementation\n could dereference a pointer before performing the\n necessary type check. A local user could use this to\n cause a denial of service.\n\n - CVE-2017-16526\n Andrey Konovalov reported that the UWB subsystem may\n dereference an invalid pointer in an error case. A local\n user might be able to use this for denial of service.\n\n - CVE-2017-16911\n Secunia Research reported that the USB/IP vhci_hcd\n driver exposed kernel heap addresses to local users.\n This information could aid the exploitation of other\n vulnerabilities.\n\n - CVE-2017-16912\n Secunia Research reported that the USB/IP stub driver\n failed to perform a range check on a received packet\n header field, leading to an out-of-bounds read. A remote\n user able to connect to the USB/IP server could use this\n for denial of service.\n\n - CVE-2017-16913\n Secunia Research reported that the USB/IP stub driver\n failed to perform a range check on a received packet\n header field, leading to excessive memory allocation. A\n remote user able to connect to the USB/IP server could\n use this for denial of service.\n\n - CVE-2017-16914\n Secunia Research reported that the USB/IP stub driver\n failed to check for an invalid combination of fields in\n a received packet, leading to a NULL pointer\n dereference. A remote user able to connect to the USB/IP\n server could use this for denial of service.\n\n - CVE-2017-18017\n Denys Fedoryshchenko reported that the netfilter\n xt_TCPMSS module failed to validate TCP header lengths,\n potentially leading to a use-after-free. If this module\n is loaded, it could be used by a remote attacker for\n denial of service or possibly for code execution.\n\n - CVE-2017-18203\n Hou Tao reported that there was a race condition in\n creation and deletion of device-mapper (DM) devices. A\n local user could potentially use this for denial of\n service.\n\n - CVE-2017-18216\n Alex Chen reported that the OCFS2 filesystem failed to\n hold a necessary lock during nodemanager sysfs file\n operations, potentially leading to a NULL pointer\n dereference. A local user could use this for denial of\n service.\n\n - CVE-2017-18232\n Jason Yan reported a race condition in the SAS\n (Serial-Attached SCSI) subsystem, between probing and\n destroying a port. This could lead to a deadlock. A\n physically present attacker could use this to cause a\n denial of service.\n\n - CVE-2017-18241\n Yunlei He reported that the f2fs implementation does not\n properly initialise its state if the 'noflush_merge'\n mount option is used. A local user with access to a\n filesystem mounted with this option could use this to\n cause a denial of service.\n\n - CVE-2018-1066\n Dan Aloni reported to Red Hat that the CIFS client\n implementation would dereference a NULL pointer if the\n server sent an invalid response during NTLMSSP setup\n negotiation. This could be used by a malicious server\n for denial of service.\n\n - CVE-2018-1068\n The syzkaller tool found that the 32-bit compatibility\n layer of ebtables did not sufficiently validate offset\n values. On a 64-bit kernel, a local user with the\n CAP_NET_ADMIN capability (in any user namespace) could\n use this to overwrite kernel memory, possibly leading to\n privilege escalation. Debian disables unprivileged user\n namespaces by default.\n\n - CVE-2018-1092\n Wen Xu reported that a crafted ext4 filesystem image\n would trigger a null dereference when mounted. A local\n user able to mount arbitrary filesystems could use this\n for denial of service.\n\n - CVE-2018-5332\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an\n out-of-bounds write. A local attacker on a system with\n the rds module loaded could use this for denial of\n service or possibly for privilege escalation.\n\n - CVE-2018-5333\n Mohamed Ghannam reported that the RDS protocol did not\n properly handle an error case, leading to a NULL pointer\n dereference. A local attacker on a system with the rds\n module loaded could possibly use this for denial of\n service.\n\n - CVE-2018-5750\n Wang Qize reported that the ACPI sbshc driver logged a\n kernel heap address. This information could aid the\n exploitation of other vulnerabilities.\n\n - CVE-2018-5803\n Alexey Kodanev reported that the SCTP protocol did not\n range-check the length of chunks to be created. A local\n or remote user could use this to cause a denial of\n service.\n\n - CVE-2018-6927\n Li Jinyue reported that the FUTEX_REQUEUE operation on\n futexes did not check for negative parameter values,\n which might lead to a denial of service or other\n security impact.\n\n - CVE-2018-7492\n The syzkaller tool found that the RDS protocol was\n lacking a null pointer check. A local attacker on a\n system with the rds module loaded could use this for\n denial of service.\n\n - CVE-2018-7566\n Fan LongFei reported a race condition in the ALSA\n (sound) sequencer core, between write and ioctl\n operations. This could lead to an out-of-bounds access\n or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or\n possibly for privilege escalation.\n\n - CVE-2018-7740\n Nic Losby reported that the hugetlbfs filesystem's mmap\n operation did not properly range-check the file offset.\n A local user with access to files on a hugetlbfs\n filesystem could use this to cause a denial of service.\n\n - CVE-2018-7757\n Jason Yan reported a memory leak in the SAS\n (Serial-Attached SCSI) subsystem. A local user on a\n system with SAS devices could use this to cause a denial\n of service.\n\n - CVE-2018-7995\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to\n have any security impact.\n\n - CVE-2018-8781\n Eyal Itkin reported that the udl (DisplayLink) driver's\n mmap operation did not properly range-check the file\n offset. A local user with access to a udl framebuffer\n device could exploit this to overwrite kernel memory,\n leading to privilege escalation.\n\n - CVE-2018-8822\n Dr Silvio Cesare of InfoSect reported that the ncpfs\n client implementation did not validate reply lengths\n from the server. An ncpfs server could use this to cause\n a denial of service or remote code execution in the\n client.\n\n - CVE-2018-1000004\n Luo Quan reported a race condition in the ALSA (sound)\n sequencer core, between multiple ioctl operations. This\n could lead to a deadlock or use-after-free. A local user\n with access to a sequencer device could use this for\n denial of service or possibly for privilege escalation.\n\n - CVE-2018-1000199\n Andy Lutomirski discovered that the ptrace subsystem did\n not sufficiently validate hardware breakpoint settings.\n Local users can use this to cause a denial of service,\n or possibly for privilege escalation, on x86 (amd64 and\n i386) and possibly other architectures.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-9016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-8781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-8822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1000004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1000199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4187\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 3.16.56-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.56-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-26T15:32:21", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes(CVE-2017-11089)An elevation of privilege vulnerability in the kernel sound timer.\n Product: Android. Versions: Android kernel. Android ID A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions:\n Android kernel. Android ID:\n A-70526974.(CVE-2017-13305)An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051)The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing.\n This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random.\n For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.(CVE-2018-12896)An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.(CVE-2018-17972)An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.(CVE-2018-18710 )An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers et/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.(CVE-2018-20511)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518 )Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS).(CVE-2019-10140)A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security affects.(CVE-2019-10142)An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'.\n This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.(CVE-2019-1125)** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.(CVE-2019-12378)** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc.\n NOTE: This id is disputed as not being an issue.(CVE-2019-12379)** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.(CVE-2019-12381)** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.(CVE-2019-12456)An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net fc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net fc/llcp_core.c.(CVE-2019-12818)In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.(CVE-2019-13631)In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.(CVE-2019-14283)In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.(CVE-2019-14284)There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14814)There is heap-based buffer overflow in marvell wifi chip driver in Linux kernel,allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14815)There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14816)An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.(CVE-2019-14821)A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.(CVE-2019-14835)drivers et/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.(CVE-2019-15098)check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.(CVE-2019-15118)An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An issue was discovered in the Linux kernel before 5.2.3.\n There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.(CVE-2019-15213)An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early.\n This is related to sound/core/init.c and sound/core/info.c.(CVE-2019-15214)An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216)An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.(CVE-2019-15217)An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.(CVE-2019-15218)An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.(CVE-2019-15219)An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers et/wireless/intersil/p54/p54usb.c driver.(CVE-2019-15220)An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.(CVE-2019-15221)An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.(CVE-2019-15291)An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)driver s/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).(CVE-2019-15505)In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.(CVE-2019-15807)An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core et-sysfs.c, which will cause denial of service.(CVE-2019-15916)An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers et/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.(CVE-2019-15927)drivers et/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16232)An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.(CVE-2019-16413)ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.(CVE-2019-17052)ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.(CVE-2019-17053)atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.(CVE-2019-17054)base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.(CVE-2019-17055)llcp_sock_create in net fc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.(CVE-2019-17056)An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)rtl_p2p_noa_ie in drivers et/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968.(CVE-2019-2101)A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.(CVE-2019-3846)A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.(CVE-2019-3882)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.Note:This vulnarability was lead by this commit below:5b435de0d786869c95d1962121af0d7df2542009, EulerOS kernel doesn't contain this commit.(CVE-2019-9503)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1446", "CVE-2015-1350", "CVE-2015-3332", "CVE-2015-8816", "CVE-2015-9289", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-2384", "CVE-2016-2782", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3689", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-7425", "CVE-2017-1000379", "CVE-2017-11089", "CVE-2017-13167", "CVE-2017-13216", "CVE-2017-13305", "CVE-2017-14051", "CVE-2017-18232", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2017-7261", "CVE-2017-7472", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-10675", "CVE-2018-10880", "CVE-2018-10940", "CVE-2018-12896", "CVE-2018-16658", "CVE-2018-17972", "CVE-2018-18710", "CVE-2018-20511", "CVE-2018-20856", "CVE-2018-20976", "CVE-2018-3693", "CVE-2018-6412", "CVE-2018-9518", "CVE-2019-0136", "CVE-2019-10140", "CVE-2019-10142", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125", "CVE-2019-12378", "CVE-2019-12379", "CVE-2019-12381", "CVE-2019-12456", "CVE-2019-12818", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15118", "CVE-2019-15212", "CVE-2019-15213", "CVE-2019-15214", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15291", "CVE-2019-15292", "CVE-2019-15505", "CVE-2019-15807", "CVE-2019-15916", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16232", "CVE-2019-16413", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-2101", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-9503"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2353.NASL", "href": "https://www.tenable.com/plugins/nessus/131845", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131845);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-1446\",\n \"CVE-2015-1350\",\n \"CVE-2015-3332\",\n \"CVE-2015-8816\",\n \"CVE-2015-9289\",\n \"CVE-2016-2184\",\n \"CVE-2016-2185\",\n \"CVE-2016-2186\",\n \"CVE-2016-2187\",\n \"CVE-2016-2384\",\n \"CVE-2016-2782\",\n \"CVE-2016-3138\",\n \"CVE-2016-3139\",\n \"CVE-2016-3140\",\n \"CVE-2016-3689\",\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-4580\",\n \"CVE-2016-7425\",\n \"CVE-2017-1000379\",\n \"CVE-2017-11089\",\n \"CVE-2017-13167\",\n \"CVE-2017-13216\",\n \"CVE-2017-13305\",\n \"CVE-2017-14051\",\n \"CVE-2017-18232\",\n \"CVE-2017-18509\",\n \"CVE-2017-18551\",\n \"CVE-2017-18595\",\n \"CVE-2017-7261\",\n \"CVE-2017-7472\",\n \"CVE-2018-10087\",\n \"CVE-2018-10124\",\n \"CVE-2018-10322\",\n \"CVE-2018-10323\",\n \"CVE-2018-10675\",\n \"CVE-2018-10880\",\n \"CVE-2018-12896\",\n \"CVE-2018-17972\",\n \"CVE-2018-18710\",\n \"CVE-2018-20511\",\n \"CVE-2018-20856\",\n \"CVE-2018-20976\",\n \"CVE-2018-3693\",\n \"CVE-2018-6412\",\n \"CVE-2018-9518\",\n \"CVE-2019-0136\",\n \"CVE-2019-10140\",\n \"CVE-2019-10142\",\n \"CVE-2019-1125\",\n \"CVE-2019-12378\",\n \"CVE-2019-12379\",\n \"CVE-2019-12381\",\n \"CVE-2019-12456\",\n \"CVE-2019-12818\",\n \"CVE-2019-13631\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-14814\",\n \"CVE-2019-14815\",\n \"CVE-2019-14816\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15098\",\n \"CVE-2019-15118\",\n \"CVE-2019-15212\",\n \"CVE-2019-15213\",\n \"CVE-2019-15214\",\n \"CVE-2019-15216\",\n \"CVE-2019-15217\",\n \"CVE-2019-15218\",\n \"CVE-2019-15219\",\n \"CVE-2019-15220\",\n \"CVE-2019-15221\",\n \"CVE-2019-15291\",\n \"CVE-2019-15292\",\n \"CVE-2019-15505\",\n \"CVE-2019-15807\",\n \"CVE-2019-15916\",\n \"CVE-2019-15926\",\n \"CVE-2019-15927\",\n \"CVE-2019-16232\",\n \"CVE-2019-16413\",\n \"CVE-2019-17052\",\n \"CVE-2019-17053\",\n \"CVE-2019-17054\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-2101\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-9503\"\n );\n script_bugtraq_id(\n 64954,\n 74232\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):The yam_ioctl function in\n drivers et/hamradio/yam.c in the Linux kernel before\n 3.12.8 does not initialize a certain structure member,\n which allows local users to obtain sensitive\n information from kernel memory by leveraging the\n CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl\n call.(CVE-2014-1446)The VFS subsystem in the Linux\n kernel 3.x provides an incomplete set of requirements\n for setattr operations that underspecifies removing\n extended privilege attributes, which allows local users\n to cause a denial of service (capability stripping) via\n a failed invocation of a system call, as demonstrated\n by using chown to remove a capability from the ping or\n Wireshark dumpcap program.(CVE-2015-1350)A certain\n backport in the TCP Fast Open implementation for the\n Linux kernel before 3.18 does not properly maintain a\n count value, which allow local users to cause a denial\n of service (system crash) via the Fast Open feature, as\n demonstrated by visiting the\n chrome://flags/#enable-tcp-fast-open URL when using\n certain 3.10.x through 3.16.x kernel builds, including\n longterm-maintenance releases and ckt (aka Canonical\n Kernel Team) builds.(CVE-2015-3332)The hub_activate\n function in drivers/usb/core/hub.c in the Linux kernel\n before 4.3.5 does not properly maintain a hub-interface\n data structure, which allows physically proximate\n attackers to cause a denial of service (invalid memory\n access and system crash) or possibly have unspecified\n other impact by unplugging a USB hub\n device.(CVE-2015-8816)In the Linux kernel before 4.1.4,\n a buffer overflow occurs when checking userspace params\n in drivers/media/dvb-frontends/cx24116.c. The maximum\n size for a DiSEqC command is 6, according to the\n userspace API. However, the code allows larger values\n such as 23.(CVE-2015-9289)The create_fixed_stream_quirk\n function in sound/usb/quirks.c in the snd-usb-audio\n driver in the Linux kernel before 4.5.1 allows\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference or double free, and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2184)The ati_remote2_probe\n function in drivers/input/misc/ati_remote2.c in the\n Linux kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints\n value in a USB device descriptor.(CVE-2016-2185)The\n powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2186)The gtco_probe\n function in drivers/input/tablet/gtco.c in the Linux\n kernel through 4.5.2 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints\n value in a USB device descriptor.(CVE-2016-2187)Double\n free vulnerability in the snd_usbmidi_create function\n in sound/usb/midi.c in the Linux kernel before 4.5\n allows physically proximate attackers to cause a denial\n of service (panic) or possibly have unspecified other\n impact via vectors involving an invalid USB\n descriptor.(CVE-2016-2384)The treo_attach function in\n drivers/usb/serial/visor.c in the Linux kernel before\n 4.5 allows physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact by\n inserting a USB device that lacks a (1) bulk-in or (2)\n interrupt-in endpoint.(CVE-2016-2782)The acm_probe\n function in drivers/usb/class/cdc-acm.c in the Linux\n kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a USB device without\n both a control and a data endpoint\n descriptor.(CVE-2016-3138)The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel\n before 3.17 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-3139)The digi_port_init\n function in drivers/usb/serial/digi_acceleport.c in the\n Linux kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints\n value in a USB device descriptor.(CVE-2016-3140)The\n ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel before\n 4.5.1 allows physically proximate attackers to cause a\n denial of service (system crash) via a USB device\n without both a master and a slave\n interface.(CVE-2016-3689)The snd_timer_user_params\n function in sound/core/timer.c in the Linux kernel\n through 4.6 does not initialize a certain data\n structure, which allows local users to obtain sensitive\n information from kernel stack memory via crafted use of\n the ALSA timer\n interface.(CVE-2016-4569)sound/core/timer.c in the\n Linux kernel through 4.6 does not initialize certain r1\n data structures, which allows local users to obtain\n sensitive information from kernel stack memory via\n crafted use of the ALSA timer interface, related to the\n (1) snd_timer_user_ccallback and (2)\n snd_timer_user_tinterrupt functions.(CVE-2016-4578)The\n x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel before\n 4.5.5 does not properly initialize a certain data\n structure, which allows attackers to obtain sensitive\n information from kernel stack memory via an X.25 Call\n Request.(CVE-2016-4580)The arcmsr_iop_message_xfer\n function in drivers/scsi/arcmsr/arcmsr_hba.c in the\n Linux kernel through 4.8.2 does not restrict a certain\n length field, which allows local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER\n control code.(CVE-2016-7425)The Linux Kernel running on\n AMD64 systems will sometimes map the contents of PIE\n executable, the heap or ld.so to where the stack is\n mapped allowing attackers to more easily manipulate the\n stack. Linux Kernel version 4.11.5 is\n affected.(CVE-2017-1000379)In android for MSM, Firefox\n OS for MSM, QRD Android, with all Android releases from\n CAF using the Linux kernel, a buffer overread is\n observed in nl80211_set_station when user space\n application sends attribute\n NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size\n less than 4 bytes(CVE-2017-11089)An elevation of\n privilege vulnerability in the kernel sound timer.\n Product: Android. Versions: Android kernel. Android ID\n A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c,\n there is an out-of-bounds write due to insufficient\n locking when accessing asma. This could lead to a local\n elevation of privilege enabling code execution as a\n privileged process with no additional execution\n privileges needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android\n kernel. Android ID: A-66954097.(CVE-2017-13216)A\n information disclosure vulnerability in the Upstream\n kernel encrypted-keys. Product: Android. Versions:\n Android kernel. Android ID:\n A-70526974.(CVE-2017-13305)An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel\n through 4.12.10 allows local users to cause a denial of\n service (memory corruption and system crash) by\n leveraging root access.(CVE-2017-14051)The Serial\n Attached SCSI (SAS) implementation in the Linux kernel\n through 4.15.9 mishandles a mutex within libsas, which\n allows local users to cause a denial of service\n (deadlock) by triggering certain error-handling\n code.(CVE-2017-18232)An issue was discovered in\n net/ipv6/ip6mr.c in the Linux kernel before 4.11. By\n setting a specific socket option, an attacker can\n control a pointer in kernel land and cause an\n inet_csk_listen_stop general protection fault, or\n potentially execute arbitrary code under certain\n circumstances. The issue can be triggered as root\n (e.g., inside a default LXC container or with the\n CAP_NET_ADMIN capability) or after namespace unsharing.\n This occurs because sk_type and protocol are not\n checked in the appropriate part of the ip6_mroute_*\n functions. NOTE: this affects Linux distributions that\n use 4.9.x longterm kernels before\n 4.9.187.(CVE-2017-18509)An issue was discovered in\n drivers/i2c/i2c-core-smbus.c in the Linux kernel before\n 4.14.15. There is an out of bounds write in the\n function i2c_smbus_xfer_emulated.(CVE-2017-18551)An\n issue was discovered in the Linux kernel before\n 4.14.11. A double free may be caused by the function\n allocate_trace_buffer in the file\n kernel/trace/trace.c.(CVE-2017-18595)The\n vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel through 4.10.5 does not check for a zero value\n of certain levels data, which allows local users to\n cause a denial of service (ZERO_SIZE_PTR dereference,\n and GPF and possibly panic) via a crafted ioctl call\n for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS\n subsystem in the Linux kernel before 4.10.13 allows\n local users to cause a denial of service (memory\n consumption) via a series of\n KEY_REQKEY_DEFL_THREAD_KEYRING\n keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The\n kernel_wait4 function in kernel/exit.c in the Linux\n kernel before 4.13, when an unspecified architecture\n and compiler is used, might allow local users to cause\n a denial of service by triggering an attempted use of\n the -INT_MIN value.(CVE-2018-10087)The\n kill_something_info function in kernel/signal.c in the\n Linux kernel before 4.13, when an unspecified\n architecture and compiler is used, might allow local\n users to cause a denial of service via an INT_MIN\n argument.(CVE-2018-10124)The xfs_dinode_verify function\n in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel\n through 4.16.3 allows local users to cause a denial of\n service (xfs_ilock_attr_map_shared invalid pointer\n dereference) via a crafted xfs\n image.(CVE-2018-10322)The xfs_bmap_extents_to_btree\n function in fs/xfs/libxfs/xfs_bmap.c in the Linux\n kernel through 4.16.3 allows local users to cause a\n denial of service (xfs_bmapi_write NULL pointer\n dereference) via a crafted xfs\n image.(CVE-2018-10323)The do_get_mempolicy function in\n mm/mempolicy.c in the Linux kernel before 4.12.9 allows\n local users to cause a denial of service\n (use-after-free) or possibly have unspecified other\n impact via crafted system calls.(CVE-2018-10675)Linux\n kernel is vulnerable to a stack-out-of-bounds write in\n the ext4 filesystem code when mounting and writing to a\n crafted ext4 image in ext4_update_inline_data(). An\n attacker could use this to cause a system crash and a\n denial of service.(CVE-2018-10880)An issue was\n discovered in the Linux kernel through 4.17.3. An\n Integer Overflow in kernel/time/posix-timers.c in the\n POSIX timer code is caused by the way the overrun\n accounting works. Depending on interval and expiry time\n values, the overrun can be larger than INT_MAX, but the\n accounting is int based. This basically makes the\n accounting values, which are visible to user space via\n timer_getoverrun(2) and siginfo::si_overrun, random.\n For example, a local user can cause a denial of service\n (signed integer overflow) via crafted mmap, futex,\n timer_create, and timer_settime system\n calls.(CVE-2018-12896)An issue was discovered in the\n proc_pid_stack function in fs/proc/base.c in the Linux\n kernel through 4.18.11. It does not ensure that only\n root may inspect the kernel stack of an arbitrary task,\n allowing a local attacker to exploit racy stack\n unwinding and leak kernel task stack\n contents.(CVE-2018-17972)An issue was discovered in the\n Linux kernel through 4.19. An information leak in\n cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could\n be used by local attackers to read kernel memory\n because a cast from unsigned long to int interferes\n with bounds checking. This is similar to CVE-2018-10940\n and CVE-2018-16658.(CVE-2018-18710 )An issue was\n discovered in the Linux kernel before 4.18.11. The\n ipddp_ioctl function in drivers et/appletalk/ipddp.c\n allows local users to obtain sensitive kernel address\n information by leveraging CAP_NET_ADMIN to read the\n ipddp_route dev and next fields via an SIOCFINDIPDDPRT\n ioctl call.(CVE-2018-20511)An issue was discovered in\n the Linux kernel before 4.18.7. In block/blk-core.c,\n there is an __blk_drain_queue() use-after-free because\n a certain error case is mishandled.(CVE-2018-20856)An\n issue was discovered in fs/xfs/xfs_super.c in the Linux\n kernel before 4.18. A use after free exists, related to\n xfs_fs_fill_super failure.(CVE-2018-20976)Systems with\n microprocessors utilizing speculative execution and\n branch prediction may allow unauthorized disclosure of\n information to an attacker with local user access via a\n speculative buffer overflow and side-channel\n analysis.(CVE-2018-3693)In the function\n sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c\n in the Linux kernel through 4.15, an integer signedness\n error allows arbitrary information leakage for the\n FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC\n commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of\n llcp_commands.c, there is a possible out of bounds\n write due to a missing bounds check. This could lead to\n local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android\n kernel. Android ID: A-73083945.(CVE-2018-9518\n )Insufficient access control in the Intel(R)\n PROSet/Wireless WiFi Software driver before version\n 21.10 may allow an unauthenticated user to potentially\n enable denial of service via adjacent\n access.(CVE-2019-0136)A vulnerability was found in\n Linux kernel's, versions up to 3.10, implementation of\n overlayfs. An attacker with local access can create a\n denial of service situation via NULL pointer\n dereference in ovl_posix_acl_create function in\n fs/overlayfs/dir.c. This can allow attackers with\n ability to create directories on overlayfs to crash the\n kernel creating a denial of service\n (DOS).(CVE-2019-10140)A flaw was found in the Linux\n kernel's freescale hypervisor manager implementation,\n kernel versions 5.0.x up to, excluding 5.0.17. A\n parameter passed to an ioctl was incorrectly validated\n and used in size calculations for the page size\n calculation. An attacker can use this flaw to crash the\n system, corrupt memory, or create other adverse\n security affects.(CVE-2019-10142)An information\n disclosure vulnerability exists when certain central\n processing units (CPU) speculatively access memory, aka\n 'Windows Kernel Information Disclosure Vulnerability'.\n This CVE ID is unique from CVE-2019-1071,\n CVE-2019-1073.(CVE-2019-1125)** DISPUTED ** An issue\n was discovered in ip6_ra_control in\n net/ipv6/ipv6_sockglue.c in the Linux kernel through\n 5.1.5. There is an unchecked kmalloc of new_ra, which\n might allow an attacker to cause a denial of service\n (NULL pointer dereference and system crash). NOTE: This\n has been disputed as not an issue.(CVE-2019-12378)**\n DISPUTED ** An issue was discovered in\n con_insert_unipair in drivers/tty/vt/consolemap.c in\n the Linux kernel through 5.1.5. There is a memory leak\n in a certain case of an ENOMEM outcome of kmalloc.\n NOTE: This id is disputed as not being an\n issue.(CVE-2019-12379)** DISPUTED ** An issue was\n discovered in ip_ra_control in net/ipv4/ip_sockglue.c\n in the Linux kernel through 5.1.5. There is an\n unchecked kmalloc of new_ra, which might allow an\n attacker to cause a denial of service (NULL pointer\n dereference and system crash). NOTE: this is disputed\n because new_ra is never used if it is\n NULL.(CVE-2019-12381)** DISPUTED ** An issue was\n discovered in the MPT3COMMAND case in _ctl_ioctl_main\n in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux\n kernel through 5.1.5. It allows local users to cause a\n denial of service or possibly have unspecified other\n impact by changing the value of ioc_number between two\n kernel reads of that value, aka a 'double fetch'\n vulnerability. NOTE: a third party reports that this is\n unexploitable because the doubly fetched value is not\n used.(CVE-2019-12456)An issue was discovered in the\n Linux kernel before 4.20.15. The nfc_llcp_build_tlv\n function in net fc/llcp_commands.c may return NULL. If\n the caller does not check for this, it will trigger a\n NULL pointer dereference. This will cause denial of\n service. This affects nfc_llcp_build_gb in net\n fc/llcp_core.c.(CVE-2019-12818)In\n parse_hid_report_descriptor in\n drivers/input/tablet/gtco.c in the Linux kernel through\n 5.2.1, a malicious USB device can send an HID report\n that triggers an out-of-bounds write during generation\n of debugging messages.(CVE-2019-13631)In the Linux\n kernel through 5.2.1 on the powerpc platform, when\n hardware transactional memory is disabled, a local user\n can cause a denial of service (TM Bad Thing exception\n and system crash) via a sigreturn() system call that\n sends a crafted signal frame. This affects\n arch/powerpc/kernel/signal_32.c and\n arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)In the\n Linux kernel before 5.2.3, set_geometry in\n drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and\n out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been\n inserted. NOTE: QEMU creates the floppy device by\n default.(CVE-2019-14283)In the Linux kernel before\n 5.2.3, drivers/block/floppy.c allows a denial of\n service by setup_format_params division-by-zero. Two\n consecutive ioctls can trigger the bug: the first one\n should set the drive geometry with .sect and .rate\n values that make F_SECT_PER_TRACK be zero. Next, the\n floppy format operation should be called. It can be\n triggered by an unprivileged local user even when a\n floppy disk has not been inserted. NOTE: QEMU creates\n the floppy device by default.(CVE-2019-14284)There is\n heap-based buffer overflow in Linux kernel, all\n versions up to, excluding 5.3, in the marvell wifi chip\n driver in Linux kernel, that allows local users to\n cause a denial of service(system crash) or possibly\n execute arbitrary code.(CVE-2019-14814)There is\n heap-based buffer overflow in marvell wifi chip driver\n in Linux kernel,allows local users to cause a denial of\n service(system crash) or possibly execute arbitrary\n code.(CVE-2019-14815)There is heap-based buffer\n overflow in kernel, all versions up to, excluding 5.3,\n in the marvell wifi chip driver in Linux kernel, that\n allows local users to cause a denial of service(system\n crash) or possibly execute arbitrary\n code.(CVE-2019-14816)An out-of-bounds access issue was\n found in the Linux kernel, all versions through 5.3, in\n the way Linux kernel's KVM hypervisor implements the\n Coalesced MMIO write operation. It operates on an MMIO\n ring buffer 'struct kvm_coalesced_mmio' object, wherein\n write indices 'ring->first' and 'ring->last' value\n could be supplied by a host user-space process. An\n unprivileged host user or process with access to\n '/dev/kvm' device could use this flaw to crash the host\n kernel, resulting in a denial of service or potentially\n escalating privileges on the system.(CVE-2019-14821)A\n buffer overflow flaw was found, in versions from 2.6.34\n to 5.2.x, in the way Linux kernel's vhost functionality\n that translates virtqueue buffers to IOVs, logged the\n buffer descriptors during migration. A privileged guest\n user able to pass descriptors with invalid length to\n the host when migration is underway, could use this\n flaw to increase their privileges on the\n host.(CVE-2019-14835)drivers\n et/wireless/ath/ath6kl/usb.c in the Linux kernel\n through 5.2.9 has a NULL pointer dereference via an\n incomplete address in an endpoint\n descriptor.(CVE-2019-15098)check_input_term in\n sound/usb/mixer.c in the Linux kernel through 5.2.9\n mishandles recursion, leading to kernel stack\n exhaustion.(CVE-2019-15118)An issue was discovered in\n the Linux kernel before 5.1.8. There is a double-free\n caused by a malicious USB device in the\n drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An\n issue was discovered in the Linux kernel before 5.2.3.\n There is a use-after-free caused by a malicious USB\n device in the drivers/media/usb/dvb-usb/dvb-usb-init.c\n driver.(CVE-2019-15213)An issue was discovered in the\n Linux kernel before 5.0.10. There is a use-after-free\n in the sound subsystem because card disconnection\n causes certain data structures to be deleted too early.\n This is related to sound/core/init.c and\n sound/core/info.c.(CVE-2019-15214)An issue was\n discovered in the Linux kernel before 5.0.14. There is\n a NULL pointer dereference caused by a malicious USB\n device in the drivers/usb/misc/yurex.c\n driver.(CVE-2019-15216)An issue was discovered in the\n Linux kernel before 5.2.3. There is a NULL pointer\n dereference caused by a malicious USB device in the\n drivers/media/usb/zr364xx/zr364xx.c\n driver.(CVE-2019-15217)An issue was discovered in the\n Linux kernel before 5.1.8. There is a NULL pointer\n dereference caused by a malicious USB device in the\n drivers/media/usb/siano/smsusb.c\n driver.(CVE-2019-15218)An issue was discovered in the\n Linux kernel before 5.1.8. There is a NULL pointer\n dereference caused by a malicious USB device in the\n drivers/usb/misc/sisusbvga/sisusb.c\n driver.(CVE-2019-15219)An issue was discovered in the\n Linux kernel before 5.2.1. There is a use-after-free\n caused by a malicious USB device in the drivers\n et/wireless/intersil/p54/p54usb.c\n driver.(CVE-2019-15220)An issue was discovered in the\n Linux kernel before 5.1.17. There is a NULL pointer\n dereference caused by a malicious USB device in the\n sound/usb/line6/pcm.c driver.(CVE-2019-15221)An issue\n was discovered in the Linux kernel through 5.2.9. There\n is a NULL pointer dereference caused by a malicious USB\n device in the flexcop_usb_probe function in the\n drivers/media/usb/b2c2/flexcop-usb.c\n driver.(CVE-2019-15291)An issue was discovered in the\n Linux kernel before 5.0.9. There is a use-after-free in\n atalk_proc_exit, related to net/appletalk/atalk_proc.c,\n net/appletalk/ddp.c, and\n net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)driver\n s/media/usb/dvb-usb/technisat-usb2.c in the Linux\n kernel through 5.2.9 has an out-of-bounds read via\n crafted USB device traffic (which may be remote via\n usbip or usbredir).(CVE-2019-15505)In the Linux kernel\n before 5.1.13, there is a memory leak in\n drivers/scsi/libsas/sas_expander.c when SAS expander\n discovery fails. This will cause a BUG and denial of\n service.(CVE-2019-15807)An issue was discovered in the\n Linux kernel before 5.0.1. There is a memory leak in\n register_queue_kobjects() in net/core et-sysfs.c, which\n will cause denial of service.(CVE-2019-15916)An issue\n was discovered in the Linux kernel before 5.2.3. Out of\n bounds access exists in the functions\n ath6kl_wmi_pstream_timeout_event_rx and\n ath6kl_wmi_cac_event_rx in the file drivers\n et/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue\n was discovered in the Linux kernel before 4.20.2. An\n out-of-bounds access exists in the function\n build_audio_procunit in the file\n sound/usb/mixer.c.(CVE-2019-15927)drivers\n et/wireless/marvell/libertas/if_sdio.c in the Linux\n kernel 5.2.14 does not check the alloc_workqueue return\n value, leading to a NULL pointer\n dereference.(CVE-2019-16232)An issue was discovered in\n the Linux kernel before 5.0.4. The 9p filesystem did\n not protect i_size_write() properly, which causes an\n i_size_read() infinite loop and denial of service on\n SMP systems.(CVE-2019-16413)ax25_create in\n net/ax25/af_ax25.c in the AF_AX25 network module in the\n Linux kernel through 5.3.2 does not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka\n CID-0614e2b73768.(CVE-2019-17052)ieee802154_create in\n net/ieee802154/socket.c in the AF_IEEE802154 network\n module in the Linux kernel through 5.3.2 does not\n enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-e69dbd4619e7.(CVE-2019-17053)atalk_create in\n net/appletalk/ddp.c in the AF_APPLETALK network module\n in the Linux kernel through 5.3.2 does not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka\n CID-6cc03e8aa36c.(CVE-2019-17054)base_sock_create in\n drivers/isdn/mISDN/socket.c in the AF_ISDN network\n module in the Linux kernel through 5.3.2 does not\n enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-b91ee4aa2a21.(CVE-2019-17055)llcp_sock_create in\n net fc/llcp_sock.c in the AF_NFC network module in the\n Linux kernel through 5.3.2 does not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka\n CID-3a359798b176.(CVE-2019-17056)An issue was\n discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance.(CVE-2019-17075)In the Linux kernel\n through 5.3.2, cfg80211_mgd_wext_giwessid in\n net/wireless/wext-sme.c does not reject a long SSID IE,\n leading to a Buffer\n Overflow.(CVE-2019-17133)rtl_p2p_noa_ie in drivers\n et/wireless/realtek/rtlwifi/ps.c in the Linux kernel\n through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer overflow.(CVE-2019-17666)In\n uvc_parse_standard_control of uvc_driver.c, there is a\n possible out-of-bound read due to improper input\n validation. This could lead to local information\n disclosure with no additional execution privileges\n needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android\n kernel. Android ID: A-111760968.(CVE-2019-2101)A flaw\n that allowed an attacker to corrupt memory and possibly\n escalate privileges was found in the mwifiex kernel\n module while connecting to a malicious wireless\n network.(CVE-2019-3846)A flaw was found in the Linux\n kernel's vfio interface implementation that permits\n violation of the user's locked memory limit. If a\n device is bound to a vfio driver, such as vfio-pci, and\n the local attacker is administratively granted\n ownership of the device, it may cause a system memory\n exhaustion and thus a denial of service (DoS). Versions\n 3.10, 4.14 and 4.18 are vulnerable.(CVE-2019-3882)**\n RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.Note:This vulnarability was lead by\n this commit\n below:5b435de0d786869c95d1962121af0d7df2542009, EulerOS\n kernel doesn't contain this commit.(CVE-2019-9503)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2353\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49df271c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h195\",\n \"kernel-debug-3.10.0-327.62.59.83.h195\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h195\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h195\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h195\",\n \"kernel-devel-3.10.0-327.62.59.83.h195\",\n \"kernel-headers-3.10.0-327.62.59.83.h195\",\n \"kernel-tools-3.10.0-327.62.59.83.h195\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h195\",\n \"perf-3.10.0-327.62.59.83.h195\",\n \"python-perf-3.10.0-327.62.59.83.h195\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-28T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-ba39fc0e07", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18232"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874293", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874293", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_ba39fc0e07_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-ba39fc0e07\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874293\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-28 08:59:56 +0200 (Wed, 28 Mar 2018)\");\n script_cve_id(\"CVE-2017-18232\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-ba39fc0e07\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-ba39fc0e07\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHTSWSNAX47UXWALOOFKC4PXGE4TNM6E\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.12~201.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-28T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-e378863e47", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18232"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874290", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874290", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e378863e47_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-e378863e47\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874290\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-28 08:59:36 +0200 (Wed, 28 Mar 2018)\");\n script_cve_id(\"CVE-2017-18232\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-e378863e47\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e378863e47\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB4IJT2U6PA5EF5WE5UBNB6NAY2Z6ZX6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.12~301.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-24T20:46:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-4163-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15902", "CVE-2016-10906", "CVE-2019-14816", "CVE-2019-15505", "CVE-2019-15117", "CVE-2019-15118", "CVE-2017-18232", "CVE-2018-21008", "CVE-2019-14821", "CVE-2019-14814"], "modified": "2019-10-24T00:00:00", "id": "OPENVAS:1361412562310844209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844209", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844209\");\n script_version(\"2019-10-24T06:55:50+0000\");\n script_cve_id(\"CVE-2016-10906\", \"CVE-2017-18232\", \"CVE-2018-21008\", \"CVE-2019-14814\", \"CVE-2019-14816\", \"CVE-2019-14821\", \"CVE-2019-15117\", \"CVE-2019-15118\", \"CVE-2019-15505\", \"CVE-2019-15902\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-24 06:55:50 +0000 (Thu, 24 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-23 02:01:16 +0000 (Wed, 23 Oct 2019)\");\n script_name(\"Ubuntu Update for linux USN-4163-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4163-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-October/005160.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-4163-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that a race condition existed in the ARC EMAC ethernet\ndriver for the Linux kernel, resulting in a use-after-free vulnerability.\nAn attacker could use this to cause a denial of service (system crash).\n(CVE-2016-10906)\n\nIt was discovered that a race condition existed in the Serial Attached SCSI\n(SAS) implementation in the Linux kernel when handling certain error\nconditions. A local attacker could use this to cause a denial of service\n(kernel deadlock). (CVE-2017-18232)\n\nIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not\ndid not handle detach operations correctly, leading to a use-after-free\nvulnerability. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-21008)\n\nThe Marvell Wi-Fi device driver in the Linux\nkernel did not properly perform bounds checking, leading to a heap\noverflow. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-14814,\nCVE-2019-14816)\n\nMatt Delco discovered that the KVM hypervisor implementation in the Linux\nkernel did not properly perform bounds checking when handling coalesced\nMMIO write operations. A local attacker with write access to /dev/kvm could\nuse this to cause a denial of service (system crash). (CVE-2019-14821)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the\nLinux kernel did not properly validate device meta data. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-15117)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the\nLinux kernel improperly performed recursion while handling device meta\ndata. A physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15118)\n\nIt was discovered that the Technisat DVB-S/S2 USB device driver in the\nLinux kernel contained a buffer overread. A physically proximate attacker\ncould use this to cause a denial of service (system crash) or possibly\nexpose sensitive information. (CVE-2019-15505)\n\nBrad Spengler discovered that a Spectre mitigation was improperly\nimplemented in the ptrace subsystem of the Linux kernel. A local attacker\ncould possibly use this to expose sensitive information. (CVE-2019-15902)\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1060-kvm\", ver:\"4.4.0-1060.67\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1096-aws\", ver:\"4.4.0-1096.107\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1124-raspi2\", ver:\"4.4.0-1124.133\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1128-snapdragon\", ver:\"4.4.0-1128.136\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-166-generic\", ver:\"4.4.0-166.195\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-166-generic-lpae\", ver:\"4.4.0-166.195\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-166-lowlatency\", ver:\"4.4.0-166.195\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-166-powerpc-e500mc\", ver:\"4.4.0-166.195\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-166-powerpc-smp\", ver:\"4.4.0-166.195\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-166-powerpc64-emb\", ver:\"4.4.0-166.195\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-166-powerpc64-smp\", ver:\"4.4.0-166.195\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1096.100\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.166.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.166.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1060.60\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.166.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.166.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.166.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.166.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.166.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1124.124\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1128.120\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.4.0.166.174\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:39:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1505)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17450", "CVE-2014-8481", "CVE-2017-15128", "CVE-2015-3288", "CVE-2014-9904", "CVE-2018-5391", "CVE-2017-18257", "CVE-2016-6828", "CVE-2017-18232", "CVE-2017-7374", "CVE-2014-3534", "CVE-2016-3955", "CVE-2018-7740", "CVE-2015-7990", "CVE-2014-4608", "CVE-2015-8660", "CVE-2018-20169", "CVE-2017-1000405", "CVE-2016-10044", "CVE-2014-3184"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191505", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191505", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1505\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2014-3184\", \"CVE-2014-3534\", \"CVE-2014-4608\", \"CVE-2014-8481\", \"CVE-2014-9904\", \"CVE-2015-3288\", \"CVE-2015-7990\", \"CVE-2015-8660\", \"CVE-2016-10044\", \"CVE-2016-3955\", \"CVE-2016-6828\", \"CVE-2017-1000405\", \"CVE-2017-15128\", \"CVE-2017-17450\", \"CVE-2017-18232\", \"CVE-2017-18257\", \"CVE-2017-7374\", \"CVE-2018-20169\", \"CVE-2018-5391\", \"CVE-2018-7740\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:59:08 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1505)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1505\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1505\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1505 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system.(CVE-2018-5391)\n\nMultiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer.(CVE-2014-3184)\n\nThe __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.(CVE-2017-18257)\n\nnet/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. This allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all network namespaces.(CVE-2017-17450)\n\nA denial of service flaw was discovered in the Linux kernel, where a race condition caused a NULL pointer dereference in the RDS socket-creation code. A local attacker could use this flaw to create a situation in which a NULL pointer crashed the kernel.(CVE-2015-7990)\n\nAn issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.(CVE-2018-20169)\n\nmm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.(CVE-2015-3288)\n\nThe ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.(CVE-2015-8660)\n\nA flaw was found in the Linux kernel where a local user with a shell account can abuse the userfaultfd syscall when using hugetlbfs. A missing size check in hugetlb_mcopy_atomic_pte could create ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:56:48", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\nMing Lei reported a race condition in the multiqueue block layer\n(blk-mq). On a system with a driver using blk-mq (mtip32xx,\nnull_blk, or virtio_blk), a local user might be able to use this\nfor denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\nRobb Glasser reported a potential use-after-free in the ALSA (sound)\nPCM core. We believe this was not possible in practice.\n\nDescription truncated. Please see the references for more information.", "cvss3": {}, "published": "2018-05-01T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4187-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8822", "CVE-2017-5753", "CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-7566", "CVE-2018-5333", "CVE-2018-1066", "CVE-2017-0861", "CVE-2017-18203", "CVE-2017-16912", "CVE-2018-1000199", "CVE-2018-6927", "CVE-2018-7757", "CVE-2017-13166", "CVE-2018-8781", "CVE-2017-16526", "CVE-2017-5715", "CVE-2017-18232", "CVE-2017-18241", "CVE-2018-7740", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-18216", "CVE-2018-1068", "CVE-2017-18017", "CVE-2017-13220", "CVE-2018-5803", "CVE-2018-1092", "CVE-2015-9016", "CVE-2017-16914"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704187", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704187", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4187-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704187\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2015-9016\", \"CVE-2017-0861\", \"CVE-2017-13166\", \"CVE-2017-13220\", \"CVE-2017-16526\",\n \"CVE-2017-16911\", \"CVE-2017-16912\", \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-18017\",\n \"CVE-2017-18203\", \"CVE-2017-18216\", \"CVE-2017-18232\", \"CVE-2017-18241\", \"CVE-2017-5715\",\n \"CVE-2017-5753\", \"CVE-2018-1000004\", \"CVE-2018-1000199\", \"CVE-2018-1066\", \"CVE-2018-1068\",\n \"CVE-2018-1092\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5750\", \"CVE-2018-5803\",\n \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-7566\", \"CVE-2018-7740\", \"CVE-2018-7757\",\n \"CVE-2018-7995\", \"CVE-2018-8781\", \"CVE-2018-8822\");\n script_name(\"Debian Security Advisory DSA 4187-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-01 00:00:00 +0200 (Tue, 01 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4187.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/linux\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\nMing Lei reported a race condition in the multiqueue block layer\n(blk-mq). On a system with a driver using blk-mq (mtip32xx,\nnull_blk, or virtio_blk), a local user might be able to use this\nfor denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\nRobb Glasser reported a potential use-after-free in the ALSA (sound)\nPCM core. We believe this was not possible in practice.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-x86\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armhf\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-i386\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-mips\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-mipsel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-ppc64el\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-common\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armhf\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-i386\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-mips\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-ppc64el\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-common\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-arm64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-s390x-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-arm64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-s390x-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-5\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-6\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-5-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-6-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-e71875c4aa", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e71875c4aa_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-e71875c4aa\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874400\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-02 16:59:02 +0530 (Wed, 02 May 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-1108\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-e71875c4aa\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e71875c4aa\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23BZYWCPCFYSPRRRVNCK6UFYCODGX6GB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.4~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-1e033dc308", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-16650", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874366", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1e033dc308_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-1e033dc308\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874366\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 08:57:51 +0200 (Wed, 18 Apr 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-1e033dc308\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1e033dc308\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKS5SHENFBKZBNJZ5A6BMP6JNTK5D4QC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.17~300.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-26T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-93c2e74446", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874606", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_93c2e74446_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-93c2e74446\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874606\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-26 05:55:13 +0200 (Sat, 26 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-93c2e74446\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-93c2e74446\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4XJ6WFI3BA27DJD66OHZX644RGQ7EBV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.11~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-30T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-9d0e4e40b5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874623", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874623", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_9d0e4e40b5_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-9d0e4e40b5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874623\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 06:02:06 +0200 (Wed, 30 May 2018)\");\n script_cve_id(\"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-9d0e4e40b5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-9d0e4e40b5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAUGR47M3LDUN54S6SH2OQ3U6U2LS7HA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.12~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-06T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-e8f793bbfc", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874647", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e8f793bbfc_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-e8f793bbfc\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874647\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-06 10:21:31 +0200 (Wed, 06 Jun 2018)\");\n script_cve_id(\"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\",\n \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\",\n \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\",\n \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\",\n \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\",\n \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\",\n \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\",\n \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\",\n \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\",\n \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\",\n \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-e8f793bbfc\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e8f793bbfc\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F32LED4G6QF446ZM5G7MOPFDAP4VB6M2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.13~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-b57db4753c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b57db4753c_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-b57db4753c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874695\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-18 06:02:23 +0200 (Mon, 18 Jun 2018)\");\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\",\n \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\",\n \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-b57db4753c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b57db4753c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22G4FPLZ4Y2WCMKTQG2WQFPR36Y3V4U4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.15~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-23T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-c449dc1c9c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874721", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c449dc1c9c_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-c449dc1c9c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874721\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-23 06:16:07 +0200 (Sat, 23 Jun 2018)\");\n script_cve_id(\"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-c449dc1c9c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c449dc1c9c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y5RAP5M7DMT24XOVYRAYT7GRQE5OWLU3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.16~200.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-29T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-b997780dca", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12904", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874751", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874751", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b997780dca_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-b997780dca\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874751\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-29 10:57:08 +0200 (Fri, 29 Jun 2018)\");\n script_cve_id(\"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-12904\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-b997780dca\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b997780dca\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2V7GQIYQYXQJNRX5DEJNNO6YKOHQC42\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.2~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-03T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-2a0f8b2c9d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874761", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2a0f8b2c9d_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2a0f8b2c9d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874761\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-03 06:02:18 +0200 (Tue, 03 Jul 2018)\");\n script_cve_id(\"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\",\n \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2a0f8b2c9d\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2a0f8b2c9d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGVBVYZZR6UYWHRCMCVLU3DVJMBOYBLP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.3~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-26T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-79d7c3d2df", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874998", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_79d7c3d2df_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-79d7c3d2df\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874998\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-26 07:09:43 +0200 (Sun, 26 Aug 2018)\");\n script_cve_id(\"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\",\n \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\",\n \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\",\n \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\",\n \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-79d7c3d2df\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-79d7c3d2df\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PWPRVELTRP4X6YB4R6SW3K356ROV3BE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.17~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:06:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-884a105c04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2018-1108", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2017-16650", "CVE-2017-12134", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874427", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_884a105c04_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-884a105c04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874427\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-12 06:00:51 +0200 (Sat, 12 May 2018)\");\n script_cve_id(\"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\",\n \"CVE-2017-5123\", \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\",\n \"CVE-2017-14497\", \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\",\n \"CVE-2017-14051\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\",\n \"CVE-2017-7558\", \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\",\n \"CVE-2017-7533\", \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-884a105c04\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-884a105c04\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HM3JVAHYMEV65VTITHNUM7JTHTN7Q53I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.7~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-04T17:01:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-04-18T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-4ca01704a2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2017-16650", "CVE-2017-12134", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874365", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_4ca01704a2_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-4ca01704a2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874365\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-18 08:54:26 +0200 (Wed, 18 Apr 2018)\");\n script_cve_id(\"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\",\n \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\",\n \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\",\n \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\",\n \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\",\n \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\",\n \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\",\n \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\",\n \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\",\n \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\", \"CVE-2017-5123\",\n \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\", \"CVE-2017-14497\",\n \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\", \"CVE-2017-14051\",\n \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\", \"CVE-2017-7558\",\n \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-7533\",\n \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-4ca01704a2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-4ca01704a2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3MAKT7ZDC6T4B52QFNRBYKWU75JMUX5C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.15.17~200.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-15T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-8484550fff", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-13406", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874813", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874813", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_8484550fff_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-8484550fff\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874813\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-15 06:04:39 +0200 (Sun, 15 Jul 2018)\");\n script_cve_id(\"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-13406\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-8484550fff\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-8484550fff\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOZHI2THAILWJPPQV3NONSSGW7WEZHWA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.5~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-10T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-2f6df9abfb", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874919", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2f6df9abfb_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2f6df9abfb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874919\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-10 06:22:46 +0200 (Fri, 10 Aug 2018)\");\n script_cve_id(\"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\",\n \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\",\n \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\",\n \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\",\n \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\",\n \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\",\n \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\",\n \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\",\n \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\",\n \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\",\n \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\",\n \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\",\n \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\",\n \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2f6df9abfb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2f6df9abfb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2UJZBTWLH7WHZLJ6CMPDARHBP5OQRHT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.12~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-04T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-49bda79bd5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874890", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_49bda79bd5_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-49bda79bd5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874890\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-04 06:04:25 +0200 (Sat, 04 Aug 2018)\");\n script_cve_id(\"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\",\n \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\",\n \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\",\n \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\",\n \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\",\n \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\",\n \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\",\n \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\",\n \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\",\n \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\",\n \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\",\n \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\",\n \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\",\n \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-49bda79bd5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-49bda79bd5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3AQDHJH4EQZ2WK343QWMUIUUHBY6PQ4\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.11~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-19T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-1c80fea1cd", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874964", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874964", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1c80fea1cd_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-1c80fea1cd\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874964\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-19 06:42:42 +0200 (Sun, 19 Aug 2018)\");\n script_cve_id(\"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-1c80fea1cd\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1c80fea1cd\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XRFKQWYV2H4BV75CUNGCGE5TNVQCLBGZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.17.14~102.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-04T17:06:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-30T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-6367a17aa3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2017-14051", "CVE-2018-8043", "CVE-2017-17863", "CVE-2017-17450", "CVE-2017-5123", "CVE-2018-1108", "CVE-2017-17558", "CVE-2017-13695", "CVE-2018-1000004", "CVE-2017-1000111", "CVE-2018-5333", "CVE-2017-15265", "CVE-2017-17741", "CVE-2017-13694", "CVE-2017-12193", "CVE-2017-17862", "CVE-2017-13693", "CVE-2017-17852", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2017-17853", "CVE-2017-10810", "CVE-2018-7757", "CVE-2017-7533", "CVE-2017-15115", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000251", "CVE-2018-1120", "CVE-2017-1000112", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-7558", "CVE-2017-16647", "CVE-2018-5332", "CVE-2017-17449", "CVE-2017-1000255", "CVE-2018-10322", "CVE-2017-16650", "CVE-2017-12134", "CVE-2018-10323", "CVE-2017-12153", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-14497", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-14954", "CVE-2017-16644", "CVE-2017-17864", "CVE-2017-12154", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2017-12190", "CVE-2018-3639", "CVE-2017-17856"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_6367a17aa3_kernel_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-6367a17aa3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874619\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 05:57:30 +0200 (Wed, 30 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2017-12190\",\n \"CVE-2017-5123\", \"CVE-2017-15265\", \"CVE-2017-1000255\", \"CVE-2017-14954\",\n \"CVE-2017-14497\", \"CVE-2017-12154\", \"CVE-2017-12153\", \"CVE-2017-1000251\",\n \"CVE-2017-14051\", \"CVE-2017-13693\", \"CVE-2017-13694\", \"CVE-2017-13695\",\n \"CVE-2017-7558\", \"CVE-2017-12134\", \"CVE-2017-1000111\", \"CVE-2017-1000112\",\n \"CVE-2017-7533\", \"CVE-2017-10810\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-6367a17aa3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-6367a17aa3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6U7NCPMTQKKHLC4ZHQCTLYN4LCP2JQ4C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.16.11~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-09-27T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-d77cc41f35", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875099", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d77cc41f35_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-d77cc41f35\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875099\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-27 08:31:40 +0200 (Thu, 27 Sep 2018)\");\n script_cve_id(\"CVE-2018-5391\", \"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\",\n \"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\",\n \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\",\n \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\",\n \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\",\n \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\",\n \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\",\n \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\",\n \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\",\n \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\",\n \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\",\n \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\",\n \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\",\n \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\",\n \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\",\n \"CVE-2017-12193\", \"CVE-2018-17182\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-d77cc41f35\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d77cc41f35\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKESRJO5EIBN6QFG4PO463OGQRU6HFOF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.9~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-02T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-c0a1284064", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875128", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875128", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c0a1284064_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-c0a1284064\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875128\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:30:25 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-c0a1284064\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c0a1284064\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3KRIRC4X5WWFMPBCO7YX3WEQQGQBGTNO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.10~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-17T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-2ee3411cb8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-17972", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875201", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875201", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2ee3411cb8_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-2ee3411cb8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875201\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-17 06:39:38 +0200 (Wed, 17 Oct 2018)\");\n script_cve_id(\"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-17972\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-2ee3411cb8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2ee3411cb8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACX4WW5ZZ3PNMAEPZVJGMZ2D2BYHVMUD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.13~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-b68776e5b0", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2018-18710", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875334", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_b68776e5b0_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-b68776e5b0\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875334\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-18710\", \"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\", \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\", \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\", \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\", \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\", \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\", \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\", \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\", \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\", \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\", \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\", \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:34:37 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for kernel FEDORA-2018-b68776e5b0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n script_xref(name:\"FEDORA\", value:\"2018-b68776e5b0\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OZHJB75FAIL6GZIEXPM735EW43TAV37\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the FEDORA-2018-b68776e5b0 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"kernel on Fedora 27.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.19~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-11T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2018-94315e9a6b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10021", "CVE-2018-8043", "CVE-2017-17863", "CVE-2018-13053", "CVE-2017-17450", "CVE-2018-1108", "CVE-2017-17558", "CVE-2018-12633", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2018-10840", "CVE-2018-13405", "CVE-2018-13095", "CVE-2017-12193", "CVE-2017-17862", "CVE-2018-12714", "CVE-2018-11506", "CVE-2018-12232", "CVE-2017-17852", "CVE-2018-10853", "CVE-2017-16532", "CVE-2017-16649", "CVE-2018-5344", "CVE-2017-17854", "CVE-2018-13093", "CVE-2017-17853", "CVE-2018-17182", "CVE-2018-7757", "CVE-2017-15115", "CVE-2018-14734", "CVE-2017-17712", "CVE-2017-8824", "CVE-2017-17448", "CVE-2018-3646", "CVE-2018-18021", "CVE-2018-1120", "CVE-2018-5391", "CVE-2018-1065", "CVE-2017-18232", "CVE-2017-16647", "CVE-2018-5332", "CVE-2018-3620", "CVE-2017-17449", "CVE-2018-10322", "CVE-2018-15471", "CVE-2017-16650", "CVE-2018-10323", "CVE-2018-7995", "CVE-2018-14678", "CVE-2018-5750", "CVE-2017-16538", "CVE-2017-17855", "CVE-2018-14633", "CVE-2017-17857", "CVE-2017-16644", "CVE-2017-17864", "CVE-2018-5803", "CVE-2017-1000405", "CVE-2018-1000026", "CVE-2018-3639", "CVE-2017-17856", "CVE-2018-12896", "CVE-2018-13094"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_94315e9a6b_kernel_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel FEDORA-2018-94315e9a6b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875170\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-11 08:44:29 +0200 (Thu, 11 Oct 2018)\");\n script_cve_id(\"CVE-2018-14633\", \"CVE-2018-17182\", \"CVE-2018-5391\", \"CVE-2018-15471\",\n \"CVE-2018-3620\", \"CVE-2018-3646\", \"CVE-2018-14734\", \"CVE-2018-14678\",\n \"CVE-2018-13405\", \"CVE-2018-13053\", \"CVE-2018-12896\", \"CVE-2018-13093\",\n \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-12714\", \"CVE-2018-12633\",\n \"CVE-2018-12232\", \"CVE-2018-10853\", \"CVE-2018-11506\", \"CVE-2018-10840\",\n \"CVE-2018-3639\", \"CVE-2018-1120\", \"CVE-2018-10322\", \"CVE-2018-10323\",\n \"CVE-2018-1108\", \"CVE-2018-10021\", \"CVE-2017-18232\", \"CVE-2018-7995\",\n \"CVE-2018-8043\", \"CVE-2018-7757\", \"CVE-2018-5803\", \"CVE-2018-1065\",\n \"CVE-2018-1000026\", \"CVE-2018-5750\", \"CVE-2018-1000004\", \"CVE-2018-5344\",\n \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2017-17862\", \"CVE-2017-17863\",\n \"CVE-2017-17864\", \"CVE-2017-17852\", \"CVE-2017-17853\", \"CVE-2017-17854\",\n \"CVE-2017-17855\", \"CVE-2017-17856\", \"CVE-2017-17857\", \"CVE-2017-17741\",\n \"CVE-2017-17712\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17448\",\n \"CVE-2017-17558\", \"CVE-2017-8824\", \"CVE-2017-1000405\", \"CVE-2017-16649\",\n \"CVE-2017-16650\", \"CVE-2017-16644\", \"CVE-2017-16647\", \"CVE-2017-15115\",\n \"CVE-2017-16532\", \"CVE-2017-16538\", \"CVE-2017-12193\", \"CVE-2018-18021\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2018-94315e9a6b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-94315e9a6b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKOLTEPUDYGM4MZIFXROKL3WL6JRMXZE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.18.12~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:40:37", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2353)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15219", "CVE-2017-7472", "CVE-2019-14815", "CVE-2019-15098", "CVE-2016-2384", "CVE-2016-2782", "CVE-2018-3693", "CVE-2017-14051", "CVE-2019-15218", "CVE-2017-7261", "CVE-2019-14816", "CVE-2015-3332", "CVE-2017-13216", "CVE-2017-18595", "CVE-2018-10880", "CVE-2019-15217", "CVE-2019-0136", "CVE-2019-17666", "CVE-2019-14284", "CVE-2019-15807", "CVE-2016-3689", "CVE-2019-15216", "CVE-2019-15505", "CVE-2019-12378", "CVE-2019-17055", "CVE-2016-3139", "CVE-2015-9289", "CVE-2019-15118", "CVE-2017-18551", "CVE-2016-2186", "CVE-2019-13648", "CVE-2019-17054", "CVE-2014-1446", "CVE-2016-2187", "CVE-2018-10675", "CVE-2019-13631", "CVE-2019-15220", "CVE-2016-4569", "CVE-2016-7425", "CVE-2017-13305", "CVE-2017-1000379", "CVE-2016-2184", "CVE-2019-17075", "CVE-2019-15927", "CVE-2017-18232", "CVE-2019-10140", "CVE-2019-12381", "CVE-2018-18710", "CVE-2019-12379", "CVE-2019-14835", "CVE-2019-15213", "CVE-2019-9503", "CVE-2015-1350", "CVE-2019-15212", "CVE-2019-12456", "CVE-2019-15221", "CVE-2018-10322", "CVE-2018-20856", "CVE-2019-12818", "CVE-2018-17972", "CVE-2019-10142", "CVE-2016-3138", "CVE-2018-10323", "CVE-2019-15292", "CVE-2016-3140", "CVE-2019-17052", "CVE-2018-20976", "CVE-2017-18509", "CVE-2016-4578", "CVE-2015-8816", "CVE-2019-15214", "CVE-2016-2185", "CVE-2018-9518", "CVE-2018-10087", "CVE-2019-16232", "CVE-2019-14821", "CVE-2019-3846", "CVE-2018-10124", "CVE-2019-2101", "CVE-2019-15916", "CVE-2016-4580", "CVE-2017-11089", "CVE-2019-15926", "CVE-2019-14814", "CVE-2018-6412", "CVE-2017-13167", "CVE-2019-15291", "CVE-2019-3882", "CVE-2019-17053", "CVE-2019-1125", "CVE-2018-12896", "CVE-2019-17133", "CVE-2019-16413", "CVE-2018-20511", "CVE-2019-17056", "CVE-2019-14283"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192353", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2353\");\n script_version(\"2020-01-23T14:09:13+0000\");\n script_cve_id(\"CVE-2014-1446\", \"CVE-2015-1350\", \"CVE-2015-3332\", \"CVE-2015-8816\", \"CVE-2015-9289\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2384\", \"CVE-2016-2782\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3689\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-7425\", \"CVE-2017-1000379\", \"CVE-2017-11089\", \"CVE-2017-13167\", \"CVE-2017-13216\", \"CVE-2017-13305\", \"CVE-2017-14051\", \"CVE-2017-18232\", \"CVE-2017-18509\", \"CVE-2017-18551\", \"CVE-2017-18595\", \"CVE-2017-7261\", \"CVE-2017-7472\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-10322\", \"CVE-2018-10323\", \"CVE-2018-10675\", \"CVE-2018-10880\", \"CVE-2018-12896\", \"CVE-2018-17972\", \"CVE-2018-18710\", \"CVE-2018-20511\", \"CVE-2018-20856\", \"CVE-2018-20976\", \"CVE-2018-3693\", \"CVE-2018-6412\", \"CVE-2018-9518\", \"CVE-2019-0136\", \"CVE-2019-10140\", \"CVE-2019-10142\", \"CVE-2019-1125\", \"CVE-2019-12378\", \"CVE-2019-12379\", \"CVE-2019-12381\", \"CVE-2019-12456\", \"CVE-2019-12818\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-14821\", \"CVE-2019-14835\", \"CVE-2019-15098\", \"CVE-2019-15118\", \"CVE-2019-15212\", \"CVE-2019-15213\", \"CVE-2019-15214\", \"CVE-2019-15216\", \"CVE-2019-15217\", \"CVE-2019-15218\", \"CVE-2019-15219\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15291\", \"CVE-2019-15292\", \"CVE-2019-15505\", \"CVE-2019-15807\", \"CVE-2019-15916\", \"CVE-2019-15926\", \"CVE-2019-15927\", \"CVE-2019-16232\", \"CVE-2019-16413\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-2101\", \"CVE-2019-3846\", \"CVE-2019-3882\", \"CVE-2019-9503\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:09:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:47:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2353)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2353\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2353\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-2353 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)\n\nThe VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)\n\nA certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)\n\nThe hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)\n\nIn the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)\n\nThe create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)\n\nThe ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)\n\nThe powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.62.59.83.h195\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2022-07-07T11:11:25", "description": "The Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-02T21:33:51", "type": "redhatcve", "title": "CVE-2017-18232", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232"], "modified": "2022-07-07T09:26:14", "id": "RH:CVE-2017-18232", "href": "https://access.redhat.com/security/cve/cve-2017-18232", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-03-30T16:44:41", "description": "The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-03-15T04:29:00", "type": "debiancve", "title": "CVE-2017-18232", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232"], "modified": "2018-03-15T04:29:00", "id": "DEBIANCVE:CVE-2017-18232", "href": "https://security-tracker.debian.org/tracker/CVE-2017-18232", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "photon": [{"lastseen": "2021-11-03T11:52:04", "description": "An update of {'linux', 'linux-esx'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-12T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2018-1.0-0161", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2018-10323"], "modified": "2018-07-12T00:00:00", "id": "PHSA-2018-1.0-0161", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-161", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-05-12T18:06:24", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-07-12T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2018-0161", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2018-10323"], "modified": "2018-07-12T00:00:00", "id": "PHSA-2018-0161", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-161", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-05-12T18:30:11", "description": "Updates of ['linux', 'linux-esx', 'linux-aws', 'linux-secure'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-18T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0072", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2017-18249", "CVE-2018-10323"], "modified": "2018-07-18T00:00:00", "id": "PHSA-2018-0072", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-72", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-03T21:01:48", "description": "An update of {'linux-aws', 'linux', 'linux-esx', 'linux-secure'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-17T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2018-2.0-0072", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2017-18249", "CVE-2018-10323"], "modified": "2018-07-17T00:00:00", "id": "PHSA-2018-2.0-0072", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-72", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2023-02-08T17:13:31", "description": "**Issue Overview:**\n\nMissing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service: \nAn error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. (CVE-2018-5803)\n\nMishandling mutex within libsas allowing local Denial of Service \nThe Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232)\n\nA flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted.(CVE-2018-1066)\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-i686-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 perf-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-devel-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-headers-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-4.9.93-41.60.amzn1.i686 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.9.93-41.60.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 kernel-doc-4.9.93-41.60.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 kernel-4.9.93-41.60.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 perf-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.9.93-41.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-4.9.93-41.60.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2017-18232](<https://access.redhat.com/security/cve/CVE-2017-18232>), [CVE-2018-1066](<https://access.redhat.com/security/cve/CVE-2018-1066>), [CVE-2018-5803](<https://access.redhat.com/security/cve/CVE-2018-5803>)\n\nMitre: [CVE-2017-18232](<https://vulners.com/cve/CVE-2017-18232>), [CVE-2018-1066](<https://vulners.com/cve/CVE-2018-1066>), [CVE-2018-5803](<https://vulners.com/cve/CVE-2018-5803>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-19T04:44:00", "type": "amazon", "title": "Medium: kernel", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2018-1066", "CVE-2018-5803"], "modified": "2018-05-10T23:20:00", "id": "ALAS-2018-993", "href": "https://alas.aws.amazon.com/ALAS-2018-993.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-08T17:35:07", "description": "**Issue Overview:**\n\nA memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. (CVE-2019-19061)\n\nA memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. (CVE-2019-19074)\n\nIn the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9445)\n\nA memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)\n\nIn a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. (CVE-2019-3016)\n\nThe unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). (CVE-2018-8043)\n\nIn the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. ( CVE-2020-15393 )\n\nA memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. (CVE-2019-18808)\n\nThe xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. (CVE-2018-10323)\n\nAn issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767. (CVE-2020-12655)\n\nMemory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\nThe Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232)\n\nThe Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. (CVE-2017-18232)\n\nA flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. (CVE-2020-10781)\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 kernel-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-aarch64-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 perf-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 python-perf-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 python-perf-debuginfo-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.192-147.314.amzn2.aarch64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.192-147.314.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 kernel-headers-4.14.192-147.314.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 kernel-4.14.192-147.314.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 kernel-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 perf-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 python-perf-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 python-perf-debuginfo-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.14.192-147.314.amzn2.x86_64 \n \u00a0\u00a0\u00a0 kernel-livepatch-4.14.192-147.314-1.0-0.amzn2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2017-18232](<https://access.redhat.com/security/cve/CVE-2017-18232>), [CVE-2018-10323](<https://access.redhat.com/security/cve/CVE-2018-10323>), [CVE-2018-8043](<https://access.redhat.com/security/cve/CVE-2018-8043>), [CVE-2019-18808](<https://access.redhat.com/security/cve/CVE-2019-18808>), [CVE-2019-19054](<https://access.redhat.com/security/cve/CVE-2019-19054>), [CVE-2019-19061](<https://access.redhat.com/security/cve/CVE-2019-19061>), [CVE-2019-19073](<https://access.redhat.com/security/cve/CVE-2019-19073>), [CVE-2019-19074](<https://access.redhat.com/security/cve/CVE-2019-19074>), [CVE-2019-3016](<https://access.redhat.com/security/cve/CVE-2019-3016>), [CVE-2019-9445](<https://access.redhat.com/security/cve/CVE-2019-9445>), [CVE-2020-10781](<https://access.redhat.com/security/cve/CVE-2020-10781>), [CVE-2020-12655](<https://access.redhat.com/security/cve/CVE-2020-12655>), [CVE-2020-15393](<https://access.redhat.com/security/cve/CVE-2020-15393>)\n\nMitre: [CVE-2017-18232](<https://vulners.com/cve/CVE-2017-18232>), [CVE-2018-10323](<https://vulners.com/cve/CVE-2018-10323>), [CVE-2018-8043](<https://vulners.com/cve/CVE-2018-8043>), [CVE-2019-18808](<https://vulners.com/cve/CVE-2019-18808>), [CVE-2019-19054](<https://vulners.com/cve/CVE-2019-19054>), [CVE-2019-19061](<https://vulners.com/cve/CVE-2019-19061>), [CVE-2019-19073](<https://vulners.com/cve/CVE-2019-19073>), [CVE-2019-19074](<https://vulners.com/cve/CVE-2019-19074>), [CVE-2019-3016](<https://vulners.com/cve/CVE-2019-3016>), [CVE-2019-9445](<https://vulners.com/cve/CVE-2019-9445>), [CVE-2020-10781](<https://vulners.com/cve/CVE-2020-10781>), [CVE-2020-12655](<https://vulners.com/cve/CVE-2020-12655>), [CVE-2020-15393](<https://vulners.com/cve/CVE-2020-15393>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-18T20:29:00", "type": "amazon", "title": "Important: kernel", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18232", "CVE-2018-10323", "CVE-2018-8043", "CVE-2019-18808", "CVE-2019-19054", "CVE-2019-19061", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-3016", "CVE-2019-9445", "CVE-2020-10781", "CVE-2020-12655", "CVE-2020-15393"], "modified": "2020-08-24T23:58:00", "id": "ALAS2-2020-1480", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1480.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2023-01-26T15:44:03", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n * linux-snapdragon \\- Linux kernel for Snapdragon processors\n\nIt was discovered that a race condition existed in the ARC EMAC ethernet \ndriver for the Linux kernel, resulting in a use-after-free vulnerability. \nAn attacker could use this to cause a denial of service (system crash). \n(CVE-2016-10906)\n\nIt was discovered that a race condition existed in the Serial Attached SCSI \n(SAS) implementation in the Linux kernel when handling certain error \nconditions. A local attacker could use this to cause a denial of service \n(kernel deadlock). (CVE-2017-18232)\n\nIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not \ndid not handle detach operations correctly, leading to a use-after-free \nvulnerability. A physically proximate attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-21008)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux \nkernel did not properly perform bounds checking, leading to a heap \noverflow. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-14814, \nCVE-2019-14816)\n\nMatt Delco discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly perform bounds checking when handling coalesced \nMMIO write operations. A local attacker with write access to /dev/kvm could \nuse this to cause a denial of service (system crash). (CVE-2019-14821)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the \nLinux kernel did not properly validate device meta data. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2019-15117)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the \nLinux kernel improperly performed recursion while handling device meta \ndata. A physically proximate attacker could use this to cause a denial of \nservice (system crash). (CVE-2019-15118)\n\nIt was discovered that the Technisat DVB-S/S2 USB device driver in the \nLinux kernel contained a buffer overread. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexpose sensitive information. (CVE-2019-15505)\n\nBrad Spengler discovered that a Spectre mitigation was improperly \nimplemented in the ptrace susbsystem of the Linux kernel. A local attacker \ncould possibly use this to expose sensitive information. (CVE-2019-15902)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-22T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10906", "CVE-2017-18232", "CVE-2018-21008", "CVE-2019-14814", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15505", "CVE-2019-15902"], "modified": "2019-10-22T00:00:00", "id": "USN-4163-1", "href": "https://ubuntu.com/security/notices/USN-4163-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T15:44:02", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nUSN-4163-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 ESM.\n\nIt was discovered that a race condition existed in the ARC EMAC ethernet \ndriver for the Linux kernel, resulting in a use-after-free vulnerability. \nAn attacker could use this to cause a denial of service (system crash). \n(CVE-2016-10906)\n\nIt was discovered that a race condition existed in the Serial Attached SCSI \n(SAS) implementation in the Linux kernel when handling certain error \nconditions. A local attacker could use this to cause a denial of service \n(kernel deadlock). (CVE-2017-18232)\n\nIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not \ndid not handle detach operations correctly, leading to a use-after-free \nvulnerability. A physically proximate attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-21008)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux \nkernel did not properly perform bounds checking, leading to a heap \noverflow. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-14814, \nCVE-2019-14816)\n\nMatt Delco discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly perform bounds checking when handling coalesced \nMMIO write operations. A local attacker with write access to /dev/kvm could \nuse this to cause a denial of service (system crash). (CVE-2019-14821)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the \nLinux kernel did not properly validate device meta data. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2019-15117)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the \nLinux kernel improperly performed recursion while handling device meta \ndata. A physically proximate attacker could use this to cause a denial of \nservice (system crash). (CVE-2019-15118)\n\nIt was discovered that the Technisat DVB-S/S2 USB device driver in the \nLinux kernel contained a buffer overread. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexpose sensitive information. (CVE-2019-15505)\n\nBrad Spengler discovered that a Spectre mitigation was improperly \nimplemented in the ptrace susbsystem of the Linux kernel. A local attacker \ncould possibly use this to expose sensitive information. (CVE-2019-15902)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-23T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10906", "CVE-2017-18232", "CVE-2018-21008", "CVE-2019-14814", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15505", "CVE-2019-15902"], "modified": "2019-10-23T00:00:00", "id": "USN-4163-2", "href": "https://ubuntu.com/security/notices/USN-4163-2", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-02-23T21:46:37", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1000026](<https://vulners.com/cve/CVE-2018-1000026>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper validation of user-supplied input by the bnx2x network card driver. By sending specially crafted GSO packets, a remote attacker could exploit this vulnerability to cause an assertion and take the card off-line. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-18559](<https://vulners.com/cve/CVE-2018-18559>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free when there is an incomplete fix for a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to achieve Program Counter control and cause the kernel to crash. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151816> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-14634](<https://vulners.com/cve/CVE-2018-14634>) \n**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow in the create_elf_tables function. By using a specially-crafted binary file, an attacker could exploit this vulnerability to obtain full root privileges. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150310> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-14633](<https://vulners.com/cve/CVE-2018-14633>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the chap_server_compute_md5() function. If the iSCSI target to be enabled on the victim host, an attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. \nCVSS Base Score: 7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150238> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)\n\n**CVEID:** [CVE-2018-13405](<https://vulners.com/cve/CVE-2018-13405>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the fs/inode.c:inode_init_owner() function. An attacker could exploit this vulnerability to create files with an unintended group ownership. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146434> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-10940](<https://vulners.com/cve/CVE-2018-10940>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c. By using a specially-crafted ioctl, an attacker could exploit this vulnerability to read out kernel memory. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143080> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-10883](<https://vulners.com/cve/CVE-2018-10883>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds write in the jbd2_journal_dirty_metadata() function. By mounting and operating on a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147830> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10881](<https://vulners.com/cve/CVE-2018-10881>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bound access in the ext4_get_group_info function. By mounting and operating on a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147820> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10879](<https://vulners.com/cve/CVE-2018-10879>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the ext4_xattr_set_entry function. By renaming a file a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147832> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10878](<https://vulners.com/cve/CVE-2018-10878>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds write in the ext4 filesystem. By mounting and operating on a specially crafted ext4 filesystem image, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-8781](<https://vulners.com/cve/CVE-2018-8781>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142300> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-7757](<https://vulners.com/cve/CVE-2018-7757>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c. By performing many read accesses to files in the /sys/class/sas_phy directory, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140138> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-7740](<https://vulners.com/cve/CVE-2018-7740>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw in the resv_map_release function in mm/hugetlb.c. By using a specially-crafted application, a local attacker could exploit this vulnerability to cause the system to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139974> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-5803](<https://vulners.com/cve/CVE-2018-5803>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a in the _sctp_make_chunk() function in net/sctp/sm_make_chunk.c. By sending specially-crafted SCTP packets, a local attacker could exploit this vulnerability to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139740> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-5344](<https://vulners.com/cve/CVE-2018-5344>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the drivers/block/loop.c. A local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137649> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1130](<https://vulners.com/cve/CVE-2018-1130>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in dccp_write_xmit() function in net/dccp/output.c. By using specially-crafted system calls, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1094](<https://vulners.com/cve/CVE-2018-1094>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ext4_fill_super function in fs/ext4/super.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141198> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1092](<https://vulners.com/cve/CVE-2018-1092>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ext4_iget function in fs/ext4/inode.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141196> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-18344](<https://vulners.com/cve/CVE-2017-18344>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds memory read error in the sigevent-&gt;sigev_notify'' field of show_timer() function. An attacker could exploit this vulnerability to obtain kernel memory. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147880> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-18232](<https://vulners.com/cve/CVE-2017-18232>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a deadlock in the Serial Attached SCSI (SAS) implementation. By triggering certain error-handling code, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140428> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-18208](<https://vulners.com/cve/CVE-2017-18208>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw in the madvise_willneed function in mm/madvise.c. By triggering use of MADVISE_WILLNEED for a DAX mapping, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139764> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-17805](<https://vulners.com/cve/CVE-2017-17805>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by improper handling of zero-length inputs in the Salsa20 encryption algorithm. By using the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER), a local authenticated attacker could exploit this vulnerability to cause the system crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136626> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-10661](<https://vulners.com/cve/CVE-2017-10661>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in fs/timerfd.c. An attacker could exploit this vulnerability to gain privileges or cause a denial of service. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130802> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-0861](<https://vulners.com/cve/CVE-2017-0861>) \n**DESCRIPTION:** Google Android could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the Upstream kernel audio driver. By persuading a victim to open a specially-crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135049> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2016-4913](<https://vulners.com/cve/CVE-2016-4913>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by the improper handling of NM entries containing NUL characters by the get_rock_ridge_filename function in fs/isofs/rock.c. An attacker could exploit this vulnerability using a specially crafted isofs filesystem to read from kernel memory locations. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2015-8830](<https://vulners.com/cve/CVE-2015-8830>) \n**DESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the AIO interface. By applying to certain filesystems, socket or device types, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111186> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2019-6974](<https://vulners.com/cve/CVE-2019-6974>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of reference counting by kvm_ioctl_create_device in virt/kvm/kvm_main.c. A local authenticated attacker could exploit this vulnerability to trigger a use-after-free to crash the guest VM and possibly gain privileged access to a system. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157074> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-17972](<https://vulners.com/cve/CVE-2018-17972>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in the proc_pid_stack function in fs/proc/base.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to obtain kernel task stack contents. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150826> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-9568](<https://vulners.com/cve/CVE-2018-9568>) \n**DESCRIPTION:** Google Android could allow a local attacker to gain elevated privileges on the system, caused by a type confusion flaw in the sk_clone_lock function in sock.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 18.\n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-17T16:05:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2018-1000026", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-14633", "CVE-2018-14634", "CVE-2018-17972", "CVE-2018-18559", "CVE-2018-5344", "CVE-2018-5803", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781", "CVE-2018-9568", "CVE-2019-6974"], "modified": "2019-05-17T16:05:02", "id": "6F75059EBDF719D84C8DC0CA4BAADF9428544BDAFCEEAE62F4225A55CA1E8AF0", "href": "https://www.ibm.com/support/pages/node/881424", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "centos": [{"lastseen": "2023-01-01T05:08:24", "description": "**CentOS Errata and Security Advisory** CESA-2018:3083\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2018-November/024895.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2018:3083", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-15T18:40:28", "type": "centos", "title": "bpftool, kernel, perf, python security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2018-11-15T18:40:28", "id": "CESA-2018:3083", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2018-November/024895.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:40:47", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T04:18:28", "type": "redhat", "title": "(RHSA-2018:3096) Important: kernel-rt security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2019-02-01T14:38:43", "id": "RHSA-2018:3096", "href": "https://access.redhat.com/errata/RHSA-2018:3096", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T20:38:38", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)\n\n* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)\n\n* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)\n\n* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)\n\n* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)\n\n* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)\n\n* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)\n\n* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)\n\n* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)\n\n* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)\n\n* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)\n\n* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)\n\n* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)\n\n* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)\n\n* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)\n\n* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)\n\n* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)\n\n* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)\n\n* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)\n\n* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)\n\n* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)\n\n* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)\n\n* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)\n\n* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)\n\n* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)\n\n* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)\n\n* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-30T04:16:59", "type": "redhat", "title": "(RHSA-2018:3083) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2019-02-01T13:41:33", "id": "RHSA-2018:3083", "href": "https://access.redhat.com/errata/RHSA-2018:3083", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:21", "description": "[3.10.0-957]\n- [mm] mlock: avoid increase mm->locked_vm on mlock() when already mlock2(, MLOCK_ONFAULT) (Rafael Aquini) [1633059]\n[3.10.0-956]\n- [block] blk-mq: fix hctx debugfs entry related race between update hw queues and cpu hotplug (Ming Lei) [1619988]\n- [nvme] nvme-pci: unquiesce dead controller queues (Ming Lei) [1632424]\n[3.10.0-955]\n- [netdrv] net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow (Alaa Hleihel) [1633652]\n- [netdrv] net/mlx5e: Fix traffic between VF and representor (Alaa Hleihel) [1633652]\n- [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1632050]\n[3.10.0-954]\n- [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625991] {CVE-2018-14634}\n- [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625991] {CVE-2018-14634}\n- [kernel] revert 'sched/topology: Introduce NUMA identity node sched domain' (Gustavo Duarte) [1620031]\n- [powerpc] revert 'powernv: Add a virtual irqchip for opal events' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv: Reorder OPAL subsystem initialisation' (Gustavo Duarte) [1617966]\n- [char] revert 'ipmi/powernv: Convert to irq event interface' (Gustavo Duarte) [1617966]\n- [tty] revert 'hvc: Convert to using interrupts instead of opal events' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv/eeh: Update the EEH code to use the opal irq domain' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv/opal: Convert opal message events to opal irq domain' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv/elog: Convert elog to opal irq domain' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv/opal-dump: Convert to irq domain' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'opal: Remove events notifier' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'powernv: Increase opal-irqchip initcall priority' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'opal-irqchip: Fix double endian conversion' (Gustavo Duarte) [1617966]\n- [powerpc] revert 'opal-irqchip: Fix deadlock introduced by 'Fix double endian conversion'' (Gustavo Duarte) [1617966]\n- [sound] alsa: hda/realtek - two more lenovo models need fixup of MIC_LOCATION (Jaroslav Kysela) [1611958]\n- [sound] alsa: hda/realtek - Fix the problem of two front mics on more machines (Jaroslav Kysela) [1611958]\n- [sound] alsa: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (Jaroslav Kysela) [1611958]\n[3.10.0-953]\n- [cdrom] information leak in cdrom_ioctl_media_changed() (Sanskriti Sharma) [1578207] {CVE-2018-10940}\n- [mm] mlock: remove lru_add_drain_all() (Oleksandr Natalenko) [1624765]\n- [block] blk-mq: fix race between updating nr_hw_queues and switching io sched (Ming Lei) [1619988]\n- [block] blk-mq: avoid to map CPU into stale hw queue (Ming Lei) [1619988]\n- [block] blk-mq: fix sysfs inflight counter (Ming Lei) [1548261]\n- [block] blk-mq: count allocated but not started requests in iostats inflight (Ming Lei) [1548261]\n- [block] fix a crash caused by wrong API (Ming Lei) [1548261]\n- [block] blk-mq: enable checking two part inflight counts at the same time (Ming Lei) [1548261]\n- [block] blk-mq: provide internal in-flight variant (Ming Lei) [1548261]\n- [block] make part_in_flight() take an array of two ints (Ming Lei) [1548261]\n- [block] pass in queue to inflight accounting (Ming Lei) [1548261]\n- [x86] Mark Intel Cascade Lake supported (Steve Best) [1584343]\n[3.10.0-952]\n- [netdrv] mlx5e: IPoIB, Use priv stats in completion rx flow (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: IPoIB, Add ndo stats support for IPoIB child devices (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: IPoIB, Add ndo stats support for IPoIB netdevices (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: IPoIB, Initialize max_opened_tc in mlx5i_init flow (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: Present SW stats when state is not opened (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: Avoid reset netdev stats on configuration changes (Alaa Hleihel) [1618609]\n- [netdrv] mlx5e: Use bool as return type for mlx5e_xdp_handle (Alaa Hleihel) [1618609]\n- [netdrv] net: aquantia: memory corruption on jumbo frames (Igor Russkikh) [1628238]\n- [kernel] revert 'platform/uv: Add adjustable set memory block size function' (Baoquan He) [1625143]\n- [x86] revert 'mm: probe memory block size for generic x86 64bit' (Baoquan He) [1625143]\n- [x86] revert 'mm: Use 2GB memory block size on large-memory x86-64 systems' (Baoquan He) [1625143]\n- [x86] revert 'mm: Streamline and restore probe_memory_block_size()' (Baoquan He) [1625143]\n- [x86] revert 'mm/memory_hotplug: determine block size based on the end of boot memory' (Baoquan He) [1625143]\n- [mm] revert 'memory_hotplug: do not fail offlining too early' (Baoquan He) [1625143]\n- [mm] revert 'memory_hotplug: remove timeout from __offline_memory' (Baoquan He) [1625143]\n- [kernel] revert 'x86/platform/uv: Add adjustable set memory block size function' (Baoquan He) [1625143]\n[3.10.0-951]\n- [fs] fanotify: fix logic of events on child (Miklos Szeredi) [1597738]\n- [fs] cifs: add a check for session expiry (Leif Sahlberg) [1626358]\n- [fs] xfs: completely disable per-inode DAX behavior (Eric Sandeen) [1623150]\n- [fs] fs: get_rock_ridge_filename(): handle malformed NM entries (Bill O'Donnell) [1340778] {CVE-2016-4913}\n- [md] fix 'allow faster resync only on non-rotational media' underneath dm (Nigel Croxon) [1561162]\n- [md] Revert 'allow faster resync only on non-rotational media' (Nigel Croxon) [1561162]\n- [mm] madvise: fix madvise() infinite loop under special circumstances (Rafael Aquini) [1552982] {CVE-2017-18208}\n- [infiniband] srpt: Support HCAs with more than two ports (Don Dutile) [1616192]\n- [infiniband] overflow.h: Add allocation size calculation helpers (Don Dutile) [1616192]\n- [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1607907]\n- [kernel] revert cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1626943]\n- [s390] sclp: Change SCLP console default buffer-full behavior (Hendrik Brueckner) [1625350]\n- [x86] kvm: Take out __exit annotation in vmx_exit() (Waiman Long) [1626560]\n- [x86] mark coffeelake-s 8+2 as supported (David Arcari) [1575457]\n- [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1619602]\n- [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1619602]\n[3.10.0-950]\n- [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613711] {CVE-2017-18344}\n- [sound] alsa: rawmidi: Change resized buffers atomically (Denys Vlasenko) [1593087] {CVE-2018-10902}\n- [fs] Fix up non-directory creation in SGID directories (Miklos Szeredi) [1600953] {CVE-2018-13405}\n- [fs] pnfs: Layoutreturn must free the layout after the layout-private data (Scott Mayhew) [1625517]\n- [fs] sunrpc: Ensure we always close the socket after a connection shuts down (Steve Dickson) [1614950]\n- [fs] xfs: remove filestream item xfs_inode reference (Brian Foster) [1518623]\n- [mm] set IORESOURCE_SYSTEM_RAM to system RAM to fix memory hot-add failure (Larry Woodman) [1628349]\n- [firmware] efivars: Protect DataSize and Data in efivar_entry.var (Lenny Szubowicz) [1597868]\n[3.10.0-949]\n- [scsi] libsas: fix memory leak in sas_smp_get_phy_events() (Tomas Henzl) [1558582] {CVE-2018-7757}\n- [vhost] fix info leak due to uninitialized memory (Jason Wang) [1573705] {CVE-2018-1118}\n- [pci] Fix calculation of bridge window's size and alignment (Myron Stowe) [1623800]\n- [md] dm thin metadata: try to avoid ever aborting transactions (Mike Snitzer) [1614151]\n- [crypto] api: fix finding algorithm currently being tested (Herbert Xu) [1618701]\n- [sound] alsa: hda/realtek: Fix HP Headset Mic can't record (Jaroslav Kysela) [1622721]\n- [sound] alsa: hda/realtek - Fixup for HP x360 laptops with B&O speakers (Jaroslav Kysela) [1622721]\n- [sound] alsa: hda/realtek - Fixup mute led on HP Spectre x360 (Jaroslav Kysela) [1622721]\n- [target] scsi: tcmu: use u64 for dev_size (Xiubo Li) [1603363]\n- [target] scsi: tcmu: use match_int for dev params (Xiubo Li) [1603363]\n- [target] scsi: tcmu: do not set max_blocks if data_bitmap has been setup (Xiubo Li) [1603363]\n- [target] scsi: tcmu: unmap if dev is configured (Xiubo Li) [1603363]\n- [target] scsi: tcmu: check if dev is configured before block/reset (Xiubo Li) [1603363]\n- [target] scsi: tcmu: use lio core se_device configuration helper (Xiubo Li) [1603363]\n- [target] scsi: target: add helper to check if dev is configured (Xiubo Li) [1603363]\n- [target] scsi: tcmu: initialize list head (Xiubo Li) [1603363]\n- [target] scsi: target_core_user: fix double unlock (Xiubo Li) [1603363]\n- [s390] arch: Set IORESOURCE_SYSTEM_RAM flag for resources (Gary Hook) [1627889]\n- [x86] efi-bgrt: Switch all pr_err() to pr_notice() for invalid BGRT (Lenny Szubowicz) [1464241]\n- [x86] efi/bgrt: Don't ignore the BGRT if the 'valid' bit is 0 (Lenny Szubowicz) [1464241]\n- [x86] efi: Preface all print statements with efi* tag (Lenny Szubowicz) [1464241]\n- [x86] efi-bgrt: Switch pr_err() to pr_debug() for invalid BGRT (Lenny Szubowicz) [1464241]\n- [x86] efi-bgrt: Add error handling; inform the user when ignoring the BGRT (Lenny Szubowicz) [1464241]\n- [x86] efi: Check status field to validate BGRT header (Lenny Szubowicz) [1464241]\n[3.10.0-948]\n- [gpu] drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau: Fix deadlocks in nouveau_connector_detect() (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend() (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau: Reset MST branching unit before enabling (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau: Only write DP_MSTM_CTRL when needed (Lyude Paul) [1597881 1571927]\n- [gpu] drm/nouveau/kms/nv50-: ensure window updates are submitted when flushing mst disables (Lyude Paul) [1597881 1571927]\n- [vfio] vfio-pci: Disable binding to PFs with SR-IOV enabled (Alex Williamson) [1583487]\n- [mm] partially revert: remove per-zone hashtable of bitlock waitqueues (Jeff Moyer) [1623980]\n- [security] selinux: mark unsupported policy capabilities as reserved (Paul Moore) [1600850]\n- [x86] intel_rdt: Fix MBA resource initialization (Prarit Bhargava) [1610239]\n[3.10.0-947]\n- [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613924] {CVE-2018-5391}\n- [net] avoid skb_warn_bad_offload on IS_ERR (Andrea Claudi) [1624702]\n- [net] ipv4: fix incorrectly registered callback for sysctl_fib_multipath_hash_policy (Ivan Vecera) [1624356]\n- [net] ipset: list:set: Decrease refcount synchronously on deletion and replace (Stefano Brivio) [1593732]\n- [netdrv] cfg80211: let's wmm_rule be part of reg_rule structure (Stanislaw Gruszka) [1620108]\n- [netdrv] nl80211: Add wmm rule attribute to NL80211_CMD_GET_WIPHY dump command (Stanislaw Gruszka) [1620108]\n- [netdrv] iwlwifi: mvm: remove division by size of sizeof(struct ieee80211_wmm_rule) (Stanislaw Gruszka) [1620108]\n- [hv] vmbus: don't return values for uninitalized channels (Vitaly Kuznetsov) [1615500]\n- [md] dm raid: bump target version, update comments and documentation (Mike Snitzer) [1573988]\n- [md] dm raid: fix RAID leg rebuild errors (Mike Snitzer) [1573988]\n- [md] dm raid: fix rebuild of specific devices by updating superblock (Mike Snitzer) [1626094]\n- [md] dm raid: fix stripe adding reshape deadlock (Mike Snitzer) [1613039 1514539]\n- [md] dm raid: fix reshape race on small devices (Mike Snitzer) [1573988 1586123]\n- [acpi] acpica: reference counts: increase max to 0x4000 for large servers (Frank Ramsay) [1618758]\n- [gpu] drm/i915/cfl: Add a new CFL PCI ID (Rob Clark) [1533336]\n- [gpu] drm/i915/aml: Introducing Amber Lake platform (Rob Clark) [1533336]\n- [gpu] drm/i915/whl: Introducing Whiskey Lake platform (Rob Clark) [1533336]\n- [gpu] drm/nouveau/kms/nv50-: allocate push buffers in vidmem on pascal (Ben Skeggs) [1584963]\n- [gpu] drm/nouveau/fb/gp100-: disable address remapper (Ben Skeggs) [1584963]\n- [mm] kernel error swap_info_get: Bad swap offset entry (Mikulas Patocka) [1622747]\n- [s390] detect etoken facility (Hendrik Brueckner) [1625349]\n- [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1625349]\n- [x86] spec_ctrl: Don't turn off IBRS on idle with enhanced IBRS (Waiman Long) [1614143]\n- [x86] speculation: Support Enhanced IBRS on future CPUs (Waiman Long) [1614143]\n[3.10.0-946]\n- [netdrv] qed: Add new TLV to request PF to update MAC in bulletin board (Harish Patil) [1460150]\n- [netdrv] qed: use trust mode to allow VF to override forced MAC (Harish Patil) [1460150]\n- [netdrv] hv_netvsc: Fix napi reschedule while receive completion is busy (Mohammed Gamal) [1614503]\n- [netdrv] hv_netvsc: remove unneeded netvsc_napi_complete_done() (Mohammed Gamal) [1614503]\n- [scsi] qedi: Add the CRC size within iSCSI NVM image (Chad Dupuis) [1611573]\n- [char] ipmi: Move BT capabilities detection to the detect call (Frank Ramsay) [1618778]\n- [x86] kvm: update master clock before computing kvmclock_offset (Marcelo Tosatti) [1594034]\n[3.10.0-945]\n- [samples] bpf: Additional changes (Jiri Olsa) [1619721]\n- [samples] bpf: Add v4.16 sources (Jiri Olsa) [1619721]\n- [tools] perf python: Fix pyrf_evlist__read_on_cpu() interface (Jiri Olsa) [1620774]\n- [tools] perf mmap: Store real cpu number in 'struct perf_mmap' (Jiri Olsa) [1620774]\n- [netdrv] cxgb4: update 1.20.8.0 as the latest firmware supported (Arjun Vynipadath) [1622551]\n- [netdrv] cxgb4: update latest firmware version supported (Arjun Vynipadath) [1622551]\n- [netdrv] mlx5e: Fix null pointer access when setting MTU of vport representor (Erez Alfasi) [1625195]\n- [netdrv] mlx5e: Support configurable MTU for vport representors (Erez Alfasi) [1625195]\n- [netdrv] mlx5e: Save MTU in channels params (Erez Alfasi) [1625195]\n- [netdrv] be2net: Fix memory leak in be_cmd_get_profile_config() (Petr Oros) [1625703]\n- [netdrv] virtio-net: set netdevice mtu correctly (Mohammed Gamal) [1610416]\n- [netdrv] i40e: Prevent deleting MAC address from VF when set by PF (Stefan Assmann) [1614161]\n- [netdrv] i40evf: cancel workqueue sync for adminq when a VF is removed (Stefan Assmann) [1615829]\n- [netdrv] i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled (Stefan Assmann) [1616149]\n- [netdrv] i40e: fix condition of WARN_ONCE for stat strings (Stefan Assmann) [1609173]\n- [uio] Revert 'use request_threaded_irq instead' (Xiubo Li) [1560418]\n- [fs] seq_file: fix out-of-bounds read (Paolo Abeni) [1620002]\n- [md] RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (Nigel Croxon) [1530776]\n- [md] allow faster resync only on non-rotational media (Nigel Croxon) [1561162]\n- [nvdimm] libnvdimm: fix ars_status output length calculation (Jeff Moyer) [1616304]\n- [cpufreq] Fix possible circular locking dependency (Waiman Long) [1529668]\n- [mm] memcg: delay memcg id freeing (Aristeu Rozanski) [1607249]\n- [mm] mlock: fix mlock accounting (Rafael Aquini) [1610652]\n- [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1588002]\n- [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1588002]\n- [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1588002]\n- [x86] apic: Future-proof the TSC_DEADLINE quirk for SKX (Steve Best) [1624090]\n[3.10.0-944]\n- [net] ipvs: Fix panic due to non-linear skb (Davide Caratti) [1623088]\n- [net] ipv4: remove BUG_ON() from fib_compute_spec_dst (Lorenzo Bianconi) [1496779]\n- [net] ipv6: fix cleanup ordering for ip6_mr failure (Xin Long) [1622218]\n- [net] ipv6: reorder icmpv6_init() and ip6_mr_init() (Xin Long) [1622218]\n- [x86] subject: x86/efi: Access EFI MMIO data as unencrypted when SEV is active (Gary Hook) [1361286]\n- [x86] boot: Fix boot failure when SMP MP-table is based at 0 (Gary Hook) [1361286]\n- [x86] resource: Fix resource_size.cocci warnings (Gary Hook) [1361286]\n- [x86] kvm: Clear encryption attribute when SEV is active (Gary Hook) [1361286]\n- [x86] kvm: Decrypt shared per-cpu variables when SEV is active (Gary Hook) [1361286]\n- [kernel] percpu: Introduce DEFINE_PER_CPU_DECRYPTED (Gary Hook) [1361286]\n- [x86] Add support for changing memory encryption attribute in early boot (Gary Hook) [1361286]\n- [x86] io: Unroll string I/O when SEV is active (Gary Hook) [1361286]\n- [x86] boot: Add early boot support when running with SEV active (Gary Hook) [1361286]\n- [x86] mm: Add DMA support for SEV memory encryption (Gary Hook) [1361286]\n- [x86] mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages (Gary Hook) [1361286]\n- [kernel] resource: Provide resource struct in resource walk callback (Gary Hook) [1361286]\n- [kernel] resource: Consolidate resource walking code (Gary Hook) [1361286]\n- [x86] efi: Access EFI data as encrypted when SEV is active (Gary Hook) [1361286]\n- [x86] mm: Include SEV for encryption memory attribute changes (Gary Hook) [1361286]\n- [x86] mm: Use encrypted access of boot related data with SEV (Gary Hook) [1361286]\n- [x86] mm: Add Secure Encrypted Virtualization (SEV) support (Gary Hook) [1361286]\n- [documentation] x86: Add AMD Secure Encrypted Virtualization (SEV) description (Gary Hook) [1361286]\n- [x86] mm: Remove unnecessary TLB flush for SME in-place encryption (Gary Hook) [1361286]\n- [x86] kexec: Remove walk_iomem_res() call with GART type (Gary Hook) [1361286]\n- [kernel] resource: Change walk_system_ram() to use System RAM type (Gary Hook) [1361286]\n- [kernel] kexec: Set IORESOURCE_SYSTEM_RAM for System RAM (Gary Hook) [1361286]\n- [x86] arch: Set IORESOURCE_SYSTEM_RAM flag for System RAM (Gary Hook) [1361286]\n- [x86] Set System RAM type and descriptor (Gary Hook) [1361286]\n- [kernel] resource: Handle resource flags properly (Gary Hook) [1361286]\n- [kernel] resource: Add System RAM resource type (Gary Hook) [1361286]\n[3.10.0-943]\n- [fs] timerfd: Protect the might cancel mechanism proper (Bill O'Donnell) [1485407] {CVE-2017-10661}\n- [fs] exec.c: Add missing 'audit_bprm()' call in 'exec_binprm()' (Bhupesh Sharma) [1496408]\n- [fs] gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated (Robert S Peterson) [1600142]\n- [fs] gfs2: improve debug information when lvb mismatches are found (Robert S Peterson) [1600142]\n- [fs] gfs2: fix memory leak in rgrp lvbs (Robert S Peterson) [1600142]\n- [fs] gfs2: cleanup: call gfs2_rgrp_ondisk2lvb from gfs2_rgrp_out (Robert S Peterson) [1600142]\n- [fs] gfs2: Fix MAGIC check in LVBs (Robert S Peterson) [1600142]\n- [fs] gfs2: Do not reset flags on active reservations (Robert S Peterson) [1600142]\n- [fs] cifs: Fix stack out-of-bounds in smb(2, 3)_create_lease_buf() (Leif Sahlberg) [1598755]\n- [fs] cifs: store the leaseKey in the fid on SMB2_open (Leif Sahlberg) [1598755]\n- [fs] nfsd: further refinement of content of /proc/fs/nfsd/versions (Steve Dickson) [1614603]\n- [fs] nfsd: fix configuration of supported minor versions (Steve Dickson) [1614603]\n- [fs] nfsd: Fix display of the version string (Steve Dickson) [1614603]\n- [fs] nfsd: correctly range-check v4.x minor version when setting versions (Steve Dickson) [1614603]\n- [fs] ext4: Close race between direct IO and ext4_break_layouts() (Eric Sandeen) [1616301]\n- [fs] xfs: Close race between direct IO and xfs_break_layouts() (Eric Sandeen) [1616301]\n- [fs] ext4: handle layout changes to pinned DAX mappings (Eric Sandeen) [1614153]\n- [fs] dax: dax_layout_busy_page() warn on !exceptional (Eric Sandeen) [1614153]\n- [gpu] makefile: bump drm backport version (Rob Clark) [1600569]\n- [gpu] drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (Rob Clark) [1600569]\n- [gpu] amd/dc/dce100: On dce100, set clocks to 0 on suspend (Rob Clark) [1600569]\n- [gpu] drm/amdgpu: fix swapped emit_ib_size in vce3 (Rob Clark) [1600569]\n- [gpu] drm/amd/powerplay: correct vega12 thermal support as true (Rob Clark) [1600569]\n- [gpu] drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy (Rob Clark) [1600569]\n- [gpu] drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() (Rob Clark) [1600569]\n- [gpu] drm/amdgpu: Avoid reclaim while holding locks taken in MMU notifier (Rob Clark) [1600569]\n- [gpu] drm/dp/mst: Fix off-by-one typo when dump payload table (Rob Clark) [1600569]\n- [gpu] drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() (Rob Clark) [1600569]\n- [gpu] drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (Rob Clark) [1600569]\n- [gpu] drm/atomic: Handling the case when setting old crtc for plane (Rob Clark) [1600569]\n- [gpu] drm/amd/display: Fix dim display on DCE11 (Rob Clark) [1600569]\n- [gpu] drm/amdgpu: Remove VRAM from shared bo domains (Rob Clark) [1600569]\n- [gpu] drm/radeon: fix mode_valid's return type (Rob Clark) [1600569]\n- [gpu] drm/amd/display: remove need of modeset flag for overlay planes (V2) (Rob Clark) [1600569]\n- [gpu] drm/amd/display: Do not program interrupt status on disabled crtc (Rob Clark) [1600569]\n- [gpu] drm/amd/powerplay: Set higher SCLK&MCLK frequency than dpm7 in OD (v2) (Rob Clark) [1600569]\n- [gpu] drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (Rob Clark) [1600569]\n- [gpu] drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs (Rob Clark) [1600569]\n- [gpu] drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit() (Rob Clark) [1600569]\n- [gpu] drm/nouveau: Avoid looping through fake MST connectors (Rob Clark) [1600569]\n- [gpu] drm/nouveau: Use drm_connector_list_iter_* for iterating connectors (Rob Clark) [1600569]\n- [gpu] drm/nouveau: Remove bogus crtc check in pmops_runtime_idle (Rob Clark) [1600569]\n- [gpu] revert 'drm/amd/display: Don't return ddc result and read_bytes in same return value' (Rob Clark) [1600569]\n- [gpu] drm/i915: Fix hotplug irq ack on i965/g4x (Rob Clark) [1600569]\n- [gpu] drm/amdgpu: Reserve VM root shared fence slot for command submission (v3) (Rob Clark) [1600569]\n- [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1609717]\n[3.10.0-942]\n- [mm] fix devmem_is_allowed() for sub-page System RAM intersections (Joe Lawrence) [1524322]\n- [pci] Delay after FLR of Intel DC P3700 NVMe (Alex Williamson) [1592654]\n- [pci] Disable Samsung SM961/PM961 NVMe before FLR (Alex Williamson) [1542494]\n- [pci] Export pcie_has_flr() (Alex Williamson) [1592654 1542494]\n- [nvdimm] libnvdimm: Export max available extent (Jeff Moyer) [1611761]\n- [nvdimm] libnvdimm: Use max contiguous area for namespace size (Jeff Moyer) [1611761]\n- [mm] ipc/shm.c add ->pagesize function to shm_vm_ops (Jeff Moyer) [1609834]\n- [kernel] mm: disallow mappings that conflict for devm_memremap_pages() (Jeff Moyer) [1616044]\n- [kernel] memremap: fix softlockup reports at teardown (Jeff Moyer) [1616187]\n- [kernel] memremap: add scheduling point to devm_memremap_pages (Jeff Moyer) [1616187]\n- [mm] page_alloc: add scheduling point to memmap_init_zone (Jeff Moyer) [1616187]\n- [mm] memory_hotplug: add scheduling point to __add_pages (Jeff Moyer) [1616187]\n- [acpi] nfit: Fix scrub idle detection (Jeff Moyer) [1616041]\n- [x86] asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (Jeff Moyer) [1608674]\n- [nvdimm] libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: advertise a write cache for nfit_test (Jeff Moyer) [1608674]\n- [tools] x86, nfit_test: Add unit test for memcpy_mcsafe() (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: allow custom error code injection (Jeff Moyer) [1608674]\n- [tools] libnvdimm, testing: update the default smart ctrl_temperature (Jeff Moyer) [1608674]\n- [tools] libnvdimm, testing: Add emulation for smart injection commands (Jeff Moyer) [1608674]\n- [tools] nfit_test: prevent parsing error of nfit_test.0 (Jeff Moyer) [1608674]\n- [tools] nfit_test: fix buffer overrun, add sanity check (Jeff Moyer) [1608674]\n- [tools] nfit_test: improve structure offset handling (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: force nfit_test to depend on instrumented modules (Jeff Moyer) [1608674]\n- [tools] libnvdimm/nfit_test: adding support for unit testing enable LSS status (Jeff Moyer) [1612421]\n- [tools] libnvdimm/nfit_test: add firmware download emulation (Jeff Moyer) [1612420]\n- [kernel] jiffies: add time comparison functions for 64 bit jiffies (Jeff Moyer) [1612420]\n- [tools] testing/nvdimm: smart alarm/threshold control (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: unit test clear-error commands (Jeff Moyer) [1608674]\n- [tools] testing/nvdimm: stricter bounds checking for error injection commands (Jeff Moyer) [1608674]\n- [tools] nfit_test: when clearing poison, also remove badrange entries (Jeff Moyer) [1608674]\n- [tools] nfit_test: add error injection DSMs (Jeff Moyer) [1612417]\n- [nvdimm] pmem: Switch to copy_to_iter_mcsafe() (Jeff Moyer) [1608674]\n- [fs] dax: Report bytes remaining in dax_iomap_actor() (Jeff Moyer) [1608674]\n- [lib] uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (Jeff Moyer) [1608674]\n- [net] x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (Jeff Moyer) [1608674]\n- [x86] asm/memcpy_mcsafe: Add write-protection-fault handling (Jeff Moyer) [1608674]\n- [x86] asm/memcpy_mcsafe: Return bytes remaining (Jeff Moyer) [1608674]\n- [x86] asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (Jeff Moyer) [1608674]\n- [x86] asm/memcpy_mcsafe: Remove loop unrolling (Jeff Moyer) [1608674]\n- [net] dax: Introduce a ->copy_to_iter dax operation (Jeff Moyer) [1608674]\n- [kernel] dax: remove default copy_from_iter fallback (Jeff Moyer) [1539264]\n- [fs] filesystem-dax: convert to dax_copy_from_iter() (Jeff Moyer) [1608674]\n- [md] dm log writes: record metadata flag for better flags record (Jeff Moyer) [1539264]\n- [md] dax, dm: allow device-mapper to operate without dax support (Jeff Moyer) [1539264]\n- [md] dm log writes: fix max length used for kstrndup (Jeff Moyer) [1539264]\n- [md] dm log writes: add support for DAX (Jeff Moyer) [1539264]\n- [md] dm log writes: add support for inline data buffers (Jeff Moyer) [1539264]\n- [md] dm log writes: fix >512b sectorsize support (Jeff Moyer) [1539264]\n- [md] dm log writes: don't use all the cpu while waiting to log blocks (Jeff Moyer) [1539264]\n- [md] dm log writes: fix check of kthread_run() return value (Jeff Moyer) [1539264]\n- [md] dm log writes: fix bug with too large bios (Jeff Moyer) [1539264]\n- [md] dm log writes: move IO accounting earlier to fix error path (Jeff Moyer) [1539264]\n- [md] dm log writes: use ULL suffix for 64-bit constants (Jeff Moyer) [1539264]\n- [md] dm: add log writes target (Jeff Moyer) [1539264]\n- [md] dm: add ->copy_from_iter() dax operation support (Jeff Moyer) [1539264]\n- [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1621969]\n- [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1621969]\n- [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1621969]\n- [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1621969]\n- [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1621969]\n- [powerpc] iommu: Do not call PageTransHuge() on tail pages (David Gibson) [1594347]\n- [powerpc] kvm: book3s hv: Migrate pinned pages out of CMA (David Gibson) [1594347]\n[3.10.0-941]\n- [tools] power turbostat: Allow for broken ACPI LPIT tables (Prarit Bhargava) [1614083]\n- [base] pm/runtime: Avoid false-positive warnings from might_sleep_if() (Paul Lai) [1615223]\n- [md] dm thin: stop no_space_timeout worker when switching to write-mode (Mike Snitzer) [1620251]\n- [netdrv] mlx5e: Only allow offloading decap egress (egdev) flows (Erez Alfasi) [1619641]\n- [netdrv] mlx5-core: Mark unsupported devices (Don Dutile) [1621824 1621810]\n- [netdrv] bnx2x: disable GSO where gso_size is too big for hardware (Jonathan Toppins) [1546760] {CVE-2018-1000026}\n- [net] create skb_gso_validate_mac_len() (Jonathan Toppins) [1546760] {CVE-2018-1000026}\n- [scsi] target: iscsi: cxgbit: fix max iso npdu calculation (Arjun Vynipadath) [1613307]\n- [scsi] csiostor: update csio_get_flash_params() (Arjun Vynipadath) [1613307]\n- [scsi] lpfc: Correct MDS diag and nvmet configuration (Dick Kennedy) [1616104]\n- [qla2xxx] Mark NVMe/FC initiator mode usage as technology preview (Ewan Milne) [1620258]\n- [nvme-fc] Take NVMe/FC initiator out of technology preview (Ewan Milne) [1620258]\n- [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1610560]\n- [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1610560]\n- [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1610560]\n- [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1610560]\n- [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1610560]\n- [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1610560]\n- [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1620041]\n- [powerpc] kdump: Handle crashkernel memory reservation failure (Pingfan Liu) [1621945]\n- [powerpc] ftrace: Match dot symbols when searching functions on ppc64 (Jerome Marchand) [1613136]\n- [x86] entry/64: Restore TRACE_IRQS_IRETQ in paranoid_exit (Scott Wood) [1561777]\n[3.10.0-940]\n- [net] sched: Fix missing res info when create new tc_index filter (Hangbin Liu) [1607687]\n- [net] sched: fix NULL pointer dereference when delete tcindex filter (Hangbin Liu) [1607687]\n- [net] dev: advertise the new ifindex when the netns iface changes (Michael Cambria) [1584287]\n- [net] dev: always advertise the new nsid when the netns iface changes (Michael Cambria) [1584287]\n- [net] Zero ifla_vf_info in rtnl_fill_vfinfo() (Hangbin Liu) [1614178]\n- [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1619793]\n- [net] tc: ensure that offloading callback is called for MQPRIO qdisc (Ivan Vecera) [1618579]\n- [thunderbolt] move tb3 to full support status (Jarod Wilson) [1620372]\n- [kernel] x86/platform/uv: Add adjustable set memory block size function (Baoquan He) [1601867]\n- [mm] memory_hotplug: remove timeout from __offline_memory (Baoquan He) [1601867]\n- [mm] memory_hotplug: do not fail offlining too early (Baoquan He) [1601867]\n- [x86] mm/memory_hotplug: determine block size based on the end of boot memory (Baoquan He) [1601867]\n- [x86] mm: Streamline and restore probe_memory_block_size() (Baoquan He) [1601867]\n- [x86] mm: Use 2GB memory block size on large-memory x86-64 systems (Baoquan He) [1601867]\n- [x86] mm: probe memory block size for generic x86 64bit (Baoquan He) [1601867]\n- [x86] revert platform/uv: Add adjustable set memory block size function (Baoquan He) [1601867]\n[3.10.0-939]\n- [nvme] rdma: Fix command completion race at error recovery (David Milburn) [1610641]\n- [infiniband] revert vmw_pvrdma: Call ib_umem_release on destroy QP path (Don Dutile) [1618625]\n- [infiniband] iw_cxgb4: correctly enforce the max reg_mr depth (Arjun Vynipadath) [1613317]\n- [netdrv] net: aquantia: Fix IFF_ALLMULTI flag functionality (Igor Russkikh) [1608762]\n- [uio] fix possible circular locking dependency (Xiubo Li) [1613195]\n- [tools] power turbostat: Fix logical node enumeration to allow for non-sequential physical nodes (Prarit Bhargava) [1612902]\n- [tools] bpf selftest: Disable unsupported verifier tests (Jiri Olsa) [1615222]\n- [tools] bpf: fix panic due to oob in bpf_prog_test_run_skb (Jiri Olsa) [1615222]\n- [net] bpf: Align packet data properly in program testing framework (Jiri Olsa) [1615222]\n- [net] bpf: Do not dereference user pointer in bpf_test_finish() (Jiri Olsa) [1615222]\n- [tools] bpf: migrate ebpf ld_abs/ld_ind tests to test_verifier (Jiri Olsa) [1615222]\n- [tools] bpf: add verifier tests for accesses to map values (Jiri Olsa) [1615222]\n- [kernel] bpf: allow map helpers access to map values directly (Jiri Olsa) [1615222]\n- [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1613248]\n- [kernel] percpu_ref: Update doc to dissuade users from depending on internal RCU grace periods (Prarit Bhargava) [1603603]\n- [kernel] percpu: READ_ONCE() now implies smp_read_barrier_depends() (Prarit Bhargava) [1603603]\n- [kernel] locking/barriers: Add implicit smp_read_barrier_depends() to READ_ONCE() (Prarit Bhargava) [1603603]\n- [kernel] compiler, atomics, kasan: Provide READ_ONCE_NOCHECK() (Prarit Bhargava) [1603603]\n- [kernel] percpu-refcount: init ->confirm_switch member properly (Prarit Bhargava) [1603603]\n- [kernel] percpu, locking: revert ('percpu: Replace smp_read_barrier_depends() with lockless_dereference()') (Prarit Bhargava) [1603603]\n- [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1614515]\n- [x86] intel_rdt: Enable CMT and MBM on new Skylake stepping (Jiri Olsa) [1517736]\n[3.10.0-938]\n- [netdrv] mlx5e: Properly check if hairpin is possible between two functions (Alaa Hleihel) [1611567]\n- [netdrv] bnx2x: Fix invalid memory access in rss hash config path (Jonathan Toppins) [1615290]\n- [netdrv] iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs (Stanislaw Gruszka) [1616290]\n- [netdrv] ibmvnic: Update firmware error reporting with cause string (Steve Best) [1614652]\n- [netdrv] ibmvnic: Remove code to request error information (Steve Best) [1614652]\n- [scsi] fcoe: hold disc_mutex when traversing rport lists (Chris Leech) [1608481]\n- [scsi] libfc: hold disc_mutex in fc_disc_stop_rports() (Chris Leech) [1608481]\n- [scsi] libfc: fixup lockdep annotations (Chris Leech) [1608481]\n- [scsi] libfc: fixup 'sleeping function called from invalid context' (Chris Leech) [1608481]\n- [scsi] libfc: Add lockdep annotations (Chris Leech) [1608481]\n- [scsi] libiscsi: fix possible NULL pointer dereference in case of TMF (Chris Leech) [1613262]\n- [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1609890]\n- [scsi] hpsa: correct enclosure sas address (Joseph Szczypek) [1613021]\n- [scsi] lpfc: Remove lpfc_enable_pbde as module parameter (Dick Kennedy) [1613975]\n- [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1554777]\n- [scsi] lpfc: Fix driver crash when re-registering NVME rports (Dick Kennedy) [1613955]\n- [scsi] lpfc: Correct LCB ACCept payload (Dick Kennedy) [1613959]\n- [x86] boot/kaslr: Skip specified number of 1GB huge pages when doing physical randomization (KASLR) (Baoquan He) [1451428]\n- [x86] boot/kaslr: Add two new functions for 1GB huge pages handling (Baoquan He) [1451428]\n- [x86] platform/uv: Add kernel parameter to set memory block size (Frank Ramsay) [1595892]\n- [x86] platform/uv: Use new set memory block size function (Frank Ramsay) [1595892]\n- [x86] platform/uv: Add adjustable set memory block size function (Frank Ramsay) [1595892]\n[3.10.0-937]\n- [fs] dax: use __pagevec_lookup in dax_layout_busy_page (Eric Sandeen) [1505291]\n- [fs] cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (Leif Sahlberg) [1598765]\n- [fs] libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (Ilya Dryomov) [1614858]\n- [fs] libceph: check authorizer reply/challenge length before reading (Ilya Dryomov) [1614858]\n- [fs] libceph: implement CEPHX_V2 calculation mode (Ilya Dryomov) [1614858]\n- [fs] libceph: add authorizer challenge (Ilya Dryomov) [1614858]\n- [fs] libceph: factor out encrypt_authorizer() (Ilya Dryomov) [1614858]\n- [fs] libceph: factor out __ceph_x_decrypt() (Ilya Dryomov) [1614858]\n- [fs] libceph: factor out __prepare_write_connect() (Ilya Dryomov) [1614858]\n- [fs] libceph: store ceph_auth_handshake pointer in ceph_connection (Ilya Dryomov) [1614858]\n- [fs] nfsv4.0: Remove transport protocol name from non-UCS client ID (Steve Dickson) [1592911]\n- [fs] nfsv4.0: Remove cl_ipaddr from non-UCS client ID (Steve Dickson) [1592911]\n- [fs] aio: properly check iovec sizes (Jeff Moyer) [1337518] {CVE-2015-8830}\n- [fs] cifs: fix up section mismatch (Jeff Moyer) [1609877]\n- [fs] skip LAYOUTRETURN if layout is invalid (Steve Dickson) [1589995]\n- [fs] gfs2: Special-case rindex for gfs2_grow (Andreas Grunbacher) [1608687]\n- [fs] ext4: Fix WARN_ON_ONCE in ext4_commit_super() (Lukas Czerner) [1596766]\n- [fs] cachefiles: Wait rather than BUG'ing on Unexpected object collision (David Howells) [1356390]\n- [fs] cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (David Howells) [1356390]\n- [fs] fscache: Fix reference overput in fscache_attach_object() error handling (David Howells) [1356390]\n- [fs] cachefiles: Fix refcounting bug in backing-file read monitoring (David Howells) [1356390]\n- [fs] fscache: Allow cancelled operations to be enqueued (David Howells) [1356390]\n- [fs] ext4: avoid running out of journal credits when appending to an inline file (Lukas Czerner) [1609759] {CVE-2018-10883}\n- [fs] jbd2: don't mark block as modified if the handle is out of credits (Lukas Czerner) [1609759] {CVE-2018-10883}\n- [fs] ext4: check for allocation block validity with block group locked (Lukas Czerner) [1597702]\n- [fs] ext4: fix check to prevent initializing reserved inodes (Lukas Czerner) [1597702]\n- [fs] ext4: fix false negatives *and* false positives in ext4_check_descriptors() (Lukas Czerner) [1597702]\n- [fs] ext4: add more mount time checks of the superblock (Lukas Czerner) [1597702]\n- [fs] ext4: fix bitmap position validation (Lukas Czerner) [1597702]\n- [fs] ext4: add more inode number paranoia checks (Lukas Czerner) [1597702]\n- [fs] ext4: clear i_data in ext4_inode_info when removing inline data (Lukas Czerner) [1597702]\n- [fs] ext4: include the illegal physical block in the bad map ext4_error msg (Lukas Czerner) [1597702]\n- [fs] ext4: verify the depth of extent tree in ext4_find_extent() (Lukas Czerner) [1597702]\n- [fs] ext4: only look at the bg_flags field if it is valid (Lukas Czerner) [1597702]\n- [fs] ext4: don't update checksum of new initialized bitmaps (Lukas Czerner) [1597702]\n- [fs] ext4: add validity checks for bitmap block numbers (Lukas Czerner) [1597702]\n- [fs] ext4: make sure bitmaps and the inode table don't overlap with bg descriptors (Lukas Czerner) [1597702]\n- [fs] ext4: always check block group bounds in ext4_init_block_bitmap() (Lukas Czerner) [1597702]\n- [fs] ext4: always verify the magic number in xattr blocks (Lukas Czerner) [1597702]\n- [fs] ext4: add corruption check in ext4_xattr_set_entry() (Lukas Czerner) [1597702]\n- [net] netlink: make sure -EBUSY won't escape from netlink_insert (Davide Caratti) [1608701]\n- [net] netfilter: nf_conntrack: don't resize NULL or freed hashtable (Davide Caratti) [1601662]\n- [net] ethtool: Ensure new ring parameters are within bounds during SRINGPARAM (Ivan Vecera) [1608318]\n- [net] ipv6: make DAD fail with enhanced DAD when nonce length differs (Jarod Wilson) [1608002]\n- [net] ipv6: allow userspace to add IFA_F_OPTIMISTIC addresses (Jarod Wilson) [1608002]\n- [net] ipv6: send unsolicited NA after DAD (Jarod Wilson) [1608002]\n- [net] ipv6: display hw address of source machine during ipv6 DAD failure (Jarod Wilson) [1608002]\n- [net] ipv6: send NS for DAD when link operationally up (Jarod Wilson) [1608002]\n- [net] ipv6: avoid dad-failures for addresses with NODAD (Jarod Wilson) [1608002]\n- [net] ipv6: send unsolicited NA if enabled for all interfaces (Jarod Wilson) [1608002]\n- [net] ipv6: send unsolicited NA on admin up (Jarod Wilson) [1608002]\n- [net] ipv6: addrconf: fix generation of new temporary addresses (Jarod Wilson) [1608002]\n- [net] ipv6: addrconf: Implemented enhanced DAD (RFC7527) (Jarod Wilson) [1608002]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-14634", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781"], "modified": "2018-11-05T00:00:00", "id": "ELSA-2018-3083", "href": "http://linux.oracle.com/errata/ELSA-2018-3083.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2021-10-21T21:28:00", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1 security@debian.org\nhttps://www.debian.org/security/ Ben Hutchings\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\n\n Ming Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null_blk, or virtio_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the &quot;retpoline&quot; compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function.\n\n More use sites will be added over time.\n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation.\n\nCVE-2017-13220\n\n Al Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check.\n A local user could use this to cause a denial of service.\n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service.\n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. This information could aid the\n exploitation of other vulnerabilities.\n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service.\n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service.\n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service.\n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution.\n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service.\n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service.\n\nCVE-2017-18232\n\n Jason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. A physically present attacker could\n use this to cause a denial of service.\n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the &quot;noflush_merge&quot; mount option is used.\n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service.\n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service.\n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default.\n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation.\n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service.\n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities.\n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact.\n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service.\n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem&#x27;s mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service.\n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver&#x27;s mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation.\n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-01T17:12:02", "type": "debian", "title": "[SECURITY] [DSA 4187-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9016", "CVE-2017-0861", "CVE-2017-13166", "CVE-2017-13220", "CVE-2017-16526", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-18216", "CVE-2017-18232", "CVE-2017-18241", "CVE-2017-5715", "CVE-2017-5753", "CVE-2018-1000004", "CVE-2018-1000199", "CVE-2018-1066", "CVE-2018-1068", "CVE-2018-1092", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-6927", "CVE-2018-7492", "CVE-2018-7566", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8781", "CVE-2018-8822"], "modified": "2018-05-01T17:12:02", "id": "DEBIAN:DSA-4187-1:E8170", "href": "https://lists.debian.org/debian-security-announce/2018/msg00115.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-24T11:48:44", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1 security@debian.org\nhttps://www.debian.org/security/ Ben Hutchings\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\n\n Ming Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null_blk, or virtio_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the &quot;retpoline&quot; compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function.\n\n More use sites will be added over time.\n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation.\n\nCVE-2017-13220\n\n Al Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check.\n A local user could use this to cause a denial of service.\n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service.\n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. This information could aid the\n exploitation of other vulnerabilities.\n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service.\n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service.\n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service.\n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution.\n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service.\n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service.\n\nCVE-2017-18232\n\n Jason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. A physically present attacker could\n use this to cause a denial of service.\n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the &quot;noflush_merge&quot; mount option is used.\n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service.\n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service.\n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default.\n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation.\n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service.\n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities.\n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact.\n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service.\n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem&#x27;s mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service.\n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver&#x27;s mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation.\n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-01T17:12:02", "type": "debian", "title": "[SECURITY] [DSA 4187-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9016", "CVE-2017-0861", "CVE-2017-13166", "CVE-2017-13220", "CVE-2017-16526", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-18216", "CVE-2017-18232", "CVE-2017-18241", "CVE-2017-5715", "CVE-2017-5753", "CVE-2018-1000004", "CVE-2018-1000199", "CVE-2018-1066", "CVE-2018-1068", "CVE-2018-1092", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-6927", "CVE-2018-7492", "CVE-2018-7566", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8781", "CVE-2018-8822"], "modified": "2018-05-01T17:12:02", "id": "DEBIAN:DSA-4187-1:481CA", "href": "https://lists.debian.org/debian-security-announce/2018/msg00115.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-07-21T08:24:01", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n\n* [CVE-2015-9016](https://security-tracker.debian.org/tracker/CVE-2015-9016)\nMing Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null\\_blk, or virtio\\_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation.\n* [CVE-2017-0861](https://security-tracker.debian.org/tracker/CVE-2017-0861)\nRobb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice.\n* [CVE-2017-5715](https://security-tracker.debian.org/tracker/CVE-2017-5715)\nMultiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n\nThis specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the retpoline compiler feature which allows\n indirect branches to be isolated from speculative execution.\n* [CVE-2017-5753](https://security-tracker.debian.org/tracker/CVE-2017-5753)\nMultiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n\nThis specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array\\_index\\_nospec() function.\n\n\nMore use sites will be added over time.\n* [CVE-2017-13166](https://security-tracker.debian.org/tracker/CVE-2017-13166)\nA bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation.\n* [CVE-2017-13220](https://security-tracker.debian.org/tracker/CVE-2017-13220)\nAl Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check.\n A local user could use this to cause a denial of service.\n* [CVE-2017-16526](https://security-tracker.debian.org/tracker/CVE-2017-16526)\nAndrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service.\n* [CVE-2017-16911](https://security-tracker.debian.org/tracker/CVE-2017-16911)\nSecunia Research reported that the USB/IP vhci\\_hcd driver exposed\n kernel heap addresses to local users. This information could aid the\n exploitation of other vulnerabilities.\n* [CVE-2017-16912](https://security-tracker.debian.org/tracker/CVE-2017-16912)\nSecunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service.\n* [CVE-2017-16913](https://security-tracker.debian.org/tracker/CVE-2017-16913)\nSecunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service.\n* [CVE-2017-16914](https://security-tracker.debian.org/tracker/CVE-2017-16914)\nSecunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service.\n* [CVE-2017-18017](https://security-tracker.debian.org/tracker/CVE-2017-18017)\nDenys Fedoryshchenko reported that the netfilter xt\\_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution.\n* [CVE-2017-18203](https://security-tracker.debian.org/tracker/CVE-2017-18203)\nHou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service.\n* [CVE-2017-18216](https://security-tracker.debian.org/tracker/CVE-2017-18216)\nAlex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service.\n* [CVE-2017-18232](https://security-tracker.debian.org/tracker/CVE-2017-18232)\nJason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. A physically present attacker could\n use this to cause a denial of service.\n* [CVE-2017-18241](https://security-tracker.debian.org/tracker/CVE-2017-18241)\nYunlei He reported that the f2fs implementation does not properly\n initialise its state if the noflush\\_merge mount option is used.\n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service.\n* [CVE-2018-1066](https://security-tracker.debian.org/tracker/CVE-2018-1066)\nDan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service.\n* [CVE-2018-1068](https://security-tracker.debian.org/tracker/CVE-2018-1068)\nThe syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP\\_NET\\_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default.\n* [CVE-2018-1092](https://security-tracker.debian.org/tracker/CVE-2018-1092)\nWen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n* [CVE-2018-5332](https://security-tracker.debian.org/tracker/CVE-2018-5332)\nMohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation.\n* [CVE-2018-5333](https://security-tracker.debian.org/tracker/CVE-2018-5333)\nMohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service.\n* [CVE-2018-5750](https://security-tracker.debian.org/tracker/CVE-2018-5750)\nWang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities.\n* [CVE-2018-5803](https://security-tracker.debian.org/tracker/CVE-2018-5803)\nAlexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n* [CVE-2018-6927](https://security-tracker.debian.org/tracker/CVE-2018-6927)\nLi Jinyue reported that the FUTEX\\_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact.\n* [CVE-2018-7492](https://security-tracker.debian.org/tracker/CVE-2018-7492)\nThe syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service.\n* [CVE-2018-7566](https://security-tracker.debian.org/tracker/CVE-2018-7566)\nFan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n* [CVE-2018-7740](https://security-tracker.debian.org/tracker/CVE-2018-7740)\nNic Losby reported that the hugetlbfs filesystem's mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n* [CVE-2018-7757](https://security-tracker.debian.org/tracker/CVE-2018-7757)\nJason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service.\n* [CVE-2018-7995](https://security-tracker.debian.org/tracker/CVE-2018-7995)\nSeunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n* [CVE-2018-8781](https://security-tracker.debian.org/tracker/CVE-2018-8781)\nEyal Itkin reported that the udl (DisplayLink) driver's mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n* [CVE-2018-8822](https://security-tracker.debian.org/tracker/CVE-2018-8822)\nDr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n* [CVE-2018-1000004](https://security-tracker.debian.org/tracker/CVE-2018-1000004)\nLuo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation.\n* [CVE-2018-1000199](https://security-tracker.debian.org/tracker/CVE-2018-1000199)\nAndy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\n\nWe recommend that you upgrade your linux packages.\n\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/linux](https://security-tracker.debian.org/tracker/linux)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-05-01T00:00:00", "type": "osv", "title": "linux - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8822", "CVE-2017-5753", "CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-7566", "CVE-2018-5333", "CVE-2018-1066", "CVE-2017-0861", "CVE-2017-18203", "CVE-2017-16912", "CVE-2018-1000199", "CVE-2018-6927", "CVE-2018-7757", "CVE-2017-13166", "CVE-2018-8781", "CVE-2017-16526", "CVE-2017-5715", "CVE-2017-18232", "CVE-2017-18241", "CVE-2018-7740", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-18216", "CVE-2018-1068", "CVE-2017-18017", "CVE-2017-13220", "CVE-2018-5803", "CVE-2018-1092", "CVE-2015-9016", "CVE-2017-16914"], "modified": "2022-07-21T05:49:50", "id": "OSV:DSA-4187-1", "href": "https://osv.dev/vulnerability/DSA-4187-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}